Vulnerabilities > Radare > Radare2 > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-08 | CVE-2022-0139 | Unspecified vulnerability in Radare Radare2 Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. | 9.8 |
| 2022-02-01 | CVE-2022-0419 | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | 5.5 |
| 2022-01-11 | CVE-2022-0173 | Out-of-bounds Read vulnerability in multiple products radare2 is vulnerable to Out-of-bounds Read | 5.5 |
| 2021-05-14 | CVE-2021-32613 | Double Free vulnerability in multiple products In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | 5.5 |
| 2020-07-20 | CVE-2020-15121 | OS Command Injection vulnerability in multiple products In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. | 9.6 |
| 2019-12-09 | CVE-2019-19647 | NULL Pointer Dereference vulnerability in multiple products radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. | 7.8 |
| 2019-12-05 | CVE-2019-19590 | Use After Free vulnerability in Radare Radare2 In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. | 7.8 |
| 2019-09-23 | CVE-2019-16718 | OS Command Injection vulnerability in Radare Radare2 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. | 7.8 |
| 2019-08-07 | CVE-2019-14745 | Command Injection vulnerability in multiple products In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. | 7.8 |
| 2019-06-17 | CVE-2019-12865 | Double Free vulnerability in Radare Radare2 In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | 5.5 |