Information on source package radare2

Available versions

ReleaseVersion
jessie0.9.6-3.1+deb8u1
trixie5.9.4+dfsg-1
sid5.9.4+dfsg-1

Open issues

BugjessietrixiesidDescription
CVE-2024-48241vulnerablevulnerablevulnerableAn issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to c ...
CVE-2024-26475vulnerablefixedfixedAn issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...
CVE-2023-47016vulnerablefixedfixedradare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in l ...
CVE-2023-46570vulnerablefixedfixedAn out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...
CVE-2023-46569vulnerablefixedfixedAn out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...
CVE-2023-27114vulnerablefixedfixedradare2 v5.8.3 was discovered to contain a segmentation fault via the ...
CVE-2023-5686vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2023-4322vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2023-1605vulnerablefixedfixedDenial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...
CVE-2023-0302vulnerablefixedfixedFailure to Sanitize Special Elements into a Different Plane (Special E ...
CVE-2022-34520vulnerablefixedfixedRadare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...
CVE-2022-34502vulnerablefixedfixedRadare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...
CVE-2022-28073vulnerablefixedfixedA use after free in r_reg_set_value function in radare2 5.4.2 and 5.4. ...
CVE-2022-28072vulnerablefixedfixedA heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4 ...
CVE-2022-28071vulnerablefixedfixedA use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5 ...
CVE-2022-28070vulnerablefixedfixedA null pointer deference in __core_anal_fcn function in radare2 5.4.2 ...
CVE-2022-28069vulnerablefixedfixedA heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
CVE-2022-28068vulnerablefixedfixedA heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4. ...
CVE-2022-4398vulnerablefixedfixedInteger Overflow or Wraparound in GitHub repository radareorg/radare2 ...
CVE-2022-1899vulnerablefixedfixedOut-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...
CVE-2022-1809vulnerablefixedfixedAccess of Uninitialized Pointer in GitHub repository radareorg/radare2 ...
CVE-2022-1714vulnerablefixedfixedOut-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...
CVE-2022-1649vulnerablefixedfixedNull pointer dereference in libr/bin/format/mach0/mach0.c in radareorg ...
CVE-2022-1452vulnerablefixedfixedOut-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function i ...
CVE-2022-1451vulnerablefixedfixedOut-of-bounds Read in r_bin_java_constant_value_attr_new function in G ...
CVE-2022-1444vulnerablefixedfixedheap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...
CVE-2022-1437vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2022-1383vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2022-1382vulnerablefixedfixedNULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...
CVE-2022-1297vulnerablefixedfixedOut-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...
CVE-2022-1296vulnerablefixedfixedOut-of-bounds read in `r_bin_ne_get_relocs` function in GitHub reposit ...
CVE-2022-1284vulnerablefixedfixedheap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...
CVE-2022-1283vulnerablefixedfixedNULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...
CVE-2022-1244vulnerablefixedfixedheap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...
CVE-2022-1240vulnerablefixedfixedHeap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...
CVE-2022-1238vulnerablefixedfixedOut-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository ra ...
CVE-2022-1237vulnerablefixedfixedImproper Validation of Array Index in GitHub repository radareorg/rada ...
CVE-2022-1207vulnerablefixedfixedOut-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...
CVE-2022-1061vulnerablefixedfixedHeap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...
CVE-2022-1052vulnerablefixedfixedHeap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...
CVE-2022-1031vulnerablefixedfixedUse After Free in op_is_set_bp in GitHub repository radareorg/radare2 ...
CVE-2022-0849vulnerablefixedfixedUse After Free in r_reg_get_name_idx in GitHub repository radareorg/ra ...
CVE-2022-0713vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2022-0712vulnerablefixedfixedNULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...
CVE-2022-0695vulnerablefixedfixedDenial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...
CVE-2022-0676vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2022-0559vulnerablefixedfixedUse After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0523vulnerablefixedfixedUse After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0521vulnerablefixedfixedAccess of Memory Location After End of Buffer in GitHub repository rad ...
CVE-2022-0519vulnerablefixedfixedBuffer Access with Incorrect Length Value in GitHub repository radareo ...
CVE-2022-0518vulnerablefixedfixedHeap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...
CVE-2022-0476vulnerablefixedfixedDenial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...
CVE-2022-0419vulnerablefixedfixedNULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...
CVE-2022-0173vulnerablefixedfixedradare2 is vulnerable to Out-of-bounds Read
CVE-2022-0139vulnerablefixedfixedUse After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
CVE-2021-44975vulnerablefixedfixedradareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ...
CVE-2021-44974vulnerablefixedfixedradareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Derefere ...
CVE-2021-32613vulnerablefixedfixedIn radare2 through 5.3.0 there is a double free vulnerability in the p ...
CVE-2021-32495vulnerablefixedfixedRadare2 has a use-after-free vulnerability in pyc parser's get_none_ob ...
CVE-2021-32494vulnerablefixedfixedRadare2 has a division by zero vulnerability in Mach-O parser's rebase ...
CVE-2021-4021vulnerablefixedfixedA vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...
CVE-2021-3673vulnerablefixedfixedA vulnerability was found in Radare2 in version 5.3.1. Improper input ...
CVE-2020-27795vulnerablefixedfixedA segmentation fault was discovered in radare2 with adf command. In li ...
CVE-2020-27794vulnerablefixedfixedA double free issue was discovered in radare2 in cmd_info.c:cmd_info() ...
CVE-2020-27793vulnerablefixedfixedAn off-by-one overflow flaw was found in radare2 due to mismatched arr ...
CVE-2020-17487vulnerablefixedfixedradare2 4.5.0 misparses signature information in PE files, causing a s ...
CVE-2020-16269vulnerablefixedfixedradare2 4.5.0 misparses DWARF information in executable files, causing ...
CVE-2020-15121vulnerablefixedfixedIn radare2 before version 4.5.0, malformed PDB file names in the PDB s ...
CVE-2019-19647vulnerable (no DSA)fixedfixedradare2 through 4.0.0 lacks validation of the content variable in the ...
CVE-2019-19590vulnerable (no DSA)fixedfixedIn radare2 through 4.0, there is an integer overflow for the variable ...
CVE-2019-14745vulnerable (no DSA)fixedfixedIn radare2 before 3.7.0, a command injection vulnerability exists in b ...
CVE-2019-12865vulnerable (no DSA)fixedfixedIn radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...
CVE-2019-12829vulnerable (no DSA)fixedfixedradare2 through 3.5.1 mishandles the RParse API, which allows remote a ...
CVE-2019-12802vulnerable (no DSA)fixedfixedIn radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...
CVE-2019-12790vulnerable (no DSA)fixedfixedIn radare2 through 3.5.1, there is a heap-based buffer over-read in th ...
CVE-2018-14017vulnerable (no DSA)fixedfixedThe r_bin_java_annotation_new function in shlr/java/class.c in radare2 ...
CVE-2018-14016vulnerable (no DSA)fixedfixedThe r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7. ...
CVE-2018-14015vulnerable (no DSA)fixedfixedThe sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote ...
CVE-2018-12322vulnerable (no DSA)fixedfixedThere is a heap out of bounds read in radare2 2.6.0 in _6502_op() in l ...
CVE-2018-12321vulnerable (no DSA)fixedfixedThere is a heap out of bounds read in radare2 2.6.0 in java_switch_op( ...
CVE-2018-12320vulnerable (no DSA)fixedfixedThere is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr ...
CVE-2018-11384vulnerable (no DSA)fixedfixedThe sh_op() function in radare2 2.5.0 allows remote attackers to cause ...
CVE-2018-11383vulnerable (no DSA)fixedfixedThe r_strbuf_fini() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11381vulnerable (no DSA)fixedfixedThe string_scan_range() function in radare2 2.5.0 allows remote attack ...
CVE-2018-11380vulnerable (no DSA)fixedfixedThe parse_import_ptr() function in radare2 2.5.0 allows remote attacke ...
CVE-2018-11379vulnerable (no DSA)fixedfixedThe get_debug_info() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11377vulnerable (no DSA)fixedfixedThe avr_op_analyze() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11376vulnerable (no DSA)fixedfixedThe r_read_le32() function in radare2 2.5.0 allows remote attackers to ...
CVE-2018-10187vulnerable (no DSA)fixedfixedIn radare2 2.5.0, there is a heap-based buffer over-read in the dalvik ...
CVE-2018-10186vulnerable (no DSA)fixedfixedIn radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_ ...
CVE-2018-8810vulnerable (no DSA)fixedfixedIn radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...
CVE-2018-8809vulnerable (no DSA)fixedfixedIn radare2 2.4.0, there is a heap-based buffer over-read in the dalvik ...
CVE-2018-8808vulnerable (no DSA)fixedfixedIn radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_ ...
CVE-2017-16805vulnerable (no DSA)fixedfixedIn radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...
CVE-2017-10929vulnerable (no DSA)fixedfixedThe grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...
CVE-2017-9949vulnerable (no DSA)fixedfixedThe grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...
CVE-2017-9763vulnerable (no DSA)fixedfixedThe grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...
CVE-2017-9762vulnerable (no DSA)fixedfixedThe cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...
CVE-2017-9761vulnerable (no DSA)fixedfixedThe find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remot ...
CVE-2017-9520vulnerable (no DSA)fixedfixedThe r_config_set function in libr/config/config.c in radare2 1.5.0 all ...
CVE-2017-7946vulnerable (no DSA)fixedfixedThe get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...
CVE-2017-6448vulnerable (no DSA)fixedfixedThe dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...
CVE-2017-6197vulnerable (no DSA)fixedfixedThe r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 all ...
CVE-2015-2305vulnerable (no DSA)fixedfixedInteger overflow in the regcomp implementation in the Henry Spencer BS ...

Resolved issues

BugDescription
CVE-2022-4843NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...
CVE-2019-16718In radare2 before 3.9.0, a command injection vulnerability exists in b ...
CVE-2018-20461In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c all ...
CVE-2018-20460In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch ...
CVE-2018-20459In radare2 through 3.1.3, the armass_assemble function in libr/asm/arc ...
CVE-2018-20458In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/ ...
CVE-2018-20457In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_ ...
CVE-2018-20456In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...
CVE-2018-20455In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...
CVE-2018-19843opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attack ...
CVE-2018-19842getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows att ...
CVE-2018-15834In radare2 before 2.9.0, a heap overflow vulnerability exists in the r ...
CVE-2018-11382The _inst__sts() function in radare2 2.5.0 allows remote attackers to ...
CVE-2018-11378The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ha ...
CVE-2018-11375The _inst__lds() function in radare2 2.5.0 allows remote attackers to ...
CVE-2017-16359In radare 2.0.1, a pointer wraparound vulnerability exists in store_ve ...
CVE-2017-16358In radare 2.0.1, an out-of-bounds read vulnerability exists in string_ ...
CVE-2017-16357In radare 2.0.1, a memory corruption vulnerability exists in store_ver ...
CVE-2017-15932In radare2 2.0.1, an integer exception (negative number leading to an ...
CVE-2017-15931In radare2 2.0.1, an integer exception (negative number leading to an ...
CVE-2017-15385The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...
CVE-2017-15368The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...
CVE-2017-7854The consume_init_expr function in wasm.c in radare2 1.3.0 allows remot ...
CVE-2017-7716The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 a ...
CVE-2017-7274The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...
CVE-2017-6415The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...
CVE-2017-6387The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 all ...
CVE-2017-6319The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...
CVE-2017-6194The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...

Security announcements

DSA / DLADescription
DLA-1016-1radare2 - security update
DLA-901-1radare2 - security update
DLA-837-1radare2 - security update

Search for package or bug name: Reporting problems