Radare ≫ Radare2

Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.

Use After Free in NPM radare2.js prior to 5.6.2.

Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.

radare2 is vulnerable to Out-of-bounds Read

A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.