Vulnerabilities > Radare > Radare2 > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-15 CVE-2019-12829 Out-of-bounds Write vulnerability in Radare Radare2
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations.
network
low complexity
radare CWE-787
7.5
7.5
2019-06-13 CVE-2019-12802 Use After Free vulnerability in multiple products
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context.
local
low complexity
radare fedoraproject CWE-416
7.8
7.8
2019-06-10 CVE-2019-12790 Out-of-bounds Read vulnerability in Radare Radare2
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c.
local
low complexity
radare CWE-125
7.8
7.8
2018-06-13 CVE-2018-12321 Out-of-bounds Read vulnerability in Radare Radare2 2.6.0
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.
local
low complexity
radare CWE-125
7.8
7.8
2018-06-13 CVE-2018-12320 Use After Free vulnerability in Radare Radare2 2.6.0
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
local
low complexity
radare CWE-416
7.8
7.8
2018-05-22 CVE-2018-11378 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 2.5.0
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
local
low complexity
radare CWE-119
7.8
7.8
2017-11-01 CVE-2017-16358 Out-of-bounds Read vulnerability in Radare Radare2 2.0.1
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
local
low complexity
radare CWE-125
7.8
7.8
2017-11-01 CVE-2017-16357 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 2.0.1
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free.
local
low complexity
radare CWE-119
7.8
7.8
2017-10-27 CVE-2017-15932 Out-of-bounds Read vulnerability in Radare Radare2 2.0.1
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
local
low complexity
radare CWE-125
7.8
7.8
2017-10-27 CVE-2017-15931 Out-of-bounds Read vulnerability in Radare Radare2 2.0.1
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
local
low complexity
radare CWE-125
7.8
7.8