| Bug | jessie | trixie | sid | Description |
|---|
| CVE-2024-48241 | vulnerable | vulnerable | vulnerable | An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to c ... |
| CVE-2024-26475 | vulnerable | fixed | fixed | An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ... |
| CVE-2023-47016 | vulnerable | fixed | fixed | radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in l ... |
| CVE-2023-46570 | vulnerable | fixed | fixed | An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ... |
| CVE-2023-46569 | vulnerable | fixed | fixed | An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ... |
| CVE-2023-27114 | vulnerable | fixed | fixed | radare2 v5.8.3 was discovered to contain a segmentation fault via the ... |
| CVE-2023-5686 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2023-4322 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2023-1605 | vulnerable | fixed | fixed | Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ... |
| CVE-2023-0302 | vulnerable | fixed | fixed | Failure to Sanitize Special Elements into a Different Plane (Special E ... |
| CVE-2022-34520 | vulnerable | fixed | fixed | Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ... |
| CVE-2022-34502 | vulnerable | fixed | fixed | Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ... |
| CVE-2022-28073 | vulnerable | fixed | fixed | A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4. ... |
| CVE-2022-28072 | vulnerable | fixed | fixed | A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4 ... |
| CVE-2022-28071 | vulnerable | fixed | fixed | A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5 ... |
| CVE-2022-28070 | vulnerable | fixed | fixed | A null pointer deference in __core_anal_fcn function in radare2 5.4.2 ... |
| CVE-2022-28069 | vulnerable | fixed | fixed | A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. |
| CVE-2022-28068 | vulnerable | fixed | fixed | A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4. ... |
| CVE-2022-4398 | vulnerable | fixed | fixed | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 ... |
| CVE-2022-1899 | vulnerable | fixed | fixed | Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ... |
| CVE-2022-1809 | vulnerable | fixed | fixed | Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ... |
| CVE-2022-1714 | vulnerable | fixed | fixed | Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ... |
| CVE-2022-1649 | vulnerable | fixed | fixed | Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg ... |
| CVE-2022-1452 | vulnerable | fixed | fixed | Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function i ... |
| CVE-2022-1451 | vulnerable | fixed | fixed | Out-of-bounds Read in r_bin_java_constant_value_attr_new function in G ... |
| CVE-2022-1444 | vulnerable | fixed | fixed | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ... |
| CVE-2022-1437 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2022-1383 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2022-1382 | vulnerable | fixed | fixed | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ... |
| CVE-2022-1297 | vulnerable | fixed | fixed | Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ... |
| CVE-2022-1296 | vulnerable | fixed | fixed | Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub reposit ... |
| CVE-2022-1284 | vulnerable | fixed | fixed | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ... |
| CVE-2022-1283 | vulnerable | fixed | fixed | NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ... |
| CVE-2022-1244 | vulnerable | fixed | fixed | heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ... |
| CVE-2022-1240 | vulnerable | fixed | fixed | Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ... |
| CVE-2022-1238 | vulnerable | fixed | fixed | Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository ra ... |
| CVE-2022-1237 | vulnerable | fixed | fixed | Improper Validation of Array Index in GitHub repository radareorg/rada ... |
| CVE-2022-1207 | vulnerable | fixed | fixed | Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ... |
| CVE-2022-1061 | vulnerable | fixed | fixed | Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ... |
| CVE-2022-1052 | vulnerable | fixed | fixed | Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ... |
| CVE-2022-1031 | vulnerable | fixed | fixed | Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 ... |
| CVE-2022-0849 | vulnerable | fixed | fixed | Use After Free in r_reg_get_name_idx in GitHub repository radareorg/ra ... |
| CVE-2022-0713 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2022-0712 | vulnerable | fixed | fixed | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ... |
| CVE-2022-0695 | vulnerable | fixed | fixed | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ... |
| CVE-2022-0676 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2022-0559 | vulnerable | fixed | fixed | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. |
| CVE-2022-0523 | vulnerable | fixed | fixed | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. |
| CVE-2022-0521 | vulnerable | fixed | fixed | Access of Memory Location After End of Buffer in GitHub repository rad ... |
| CVE-2022-0519 | vulnerable | fixed | fixed | Buffer Access with Incorrect Length Value in GitHub repository radareo ... |
| CVE-2022-0518 | vulnerable | fixed | fixed | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ... |
| CVE-2022-0476 | vulnerable | fixed | fixed | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ... |
| CVE-2022-0419 | vulnerable | fixed | fixed | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ... |
| CVE-2022-0173 | vulnerable | fixed | fixed | radare2 is vulnerable to Out-of-bounds Read |
| CVE-2022-0139 | vulnerable | fixed | fixed | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. |
| CVE-2021-44975 | vulnerable | fixed | fixed | radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ... |
| CVE-2021-44974 | vulnerable | fixed | fixed | radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Derefere ... |
| CVE-2021-32613 | vulnerable | fixed | fixed | In radare2 through 5.3.0 there is a double free vulnerability in the p ... |
| CVE-2021-32495 | vulnerable | fixed | fixed | Radare2 has a use-after-free vulnerability in pyc parser's get_none_ob ... |
| CVE-2021-32494 | vulnerable | fixed | fixed | Radare2 has a division by zero vulnerability in Mach-O parser's rebase ... |
| CVE-2021-4021 | vulnerable | fixed | fixed | A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ... |
| CVE-2021-3673 | vulnerable | fixed | fixed | A vulnerability was found in Radare2 in version 5.3.1. Improper input ... |
| CVE-2020-27795 | vulnerable | fixed | fixed | A segmentation fault was discovered in radare2 with adf command. In li ... |
| CVE-2020-27794 | vulnerable | fixed | fixed | A double free issue was discovered in radare2 in cmd_info.c:cmd_info() ... |
| CVE-2020-27793 | vulnerable | fixed | fixed | An off-by-one overflow flaw was found in radare2 due to mismatched arr ... |
| CVE-2020-17487 | vulnerable | fixed | fixed | radare2 4.5.0 misparses signature information in PE files, causing a s ... |
| CVE-2020-16269 | vulnerable | fixed | fixed | radare2 4.5.0 misparses DWARF information in executable files, causing ... |
| CVE-2020-15121 | vulnerable | fixed | fixed | In radare2 before version 4.5.0, malformed PDB file names in the PDB s ... |
| CVE-2019-19647 | vulnerable (no DSA) | fixed | fixed | radare2 through 4.0.0 lacks validation of the content variable in the ... |
| CVE-2019-19590 | vulnerable (no DSA) | fixed | fixed | In radare2 through 4.0, there is an integer overflow for the variable ... |
| CVE-2019-14745 | vulnerable (no DSA) | fixed | fixed | In radare2 before 3.7.0, a command injection vulnerability exists in b ... |
| CVE-2019-12865 | vulnerable (no DSA) | fixed | fixed | In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ... |
| CVE-2019-12829 | vulnerable (no DSA) | fixed | fixed | radare2 through 3.5.1 mishandles the RParse API, which allows remote a ... |
| CVE-2019-12802 | vulnerable (no DSA) | fixed | fixed | In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ... |
| CVE-2019-12790 | vulnerable (no DSA) | fixed | fixed | In radare2 through 3.5.1, there is a heap-based buffer over-read in th ... |
| CVE-2018-14017 | vulnerable (no DSA) | fixed | fixed | The r_bin_java_annotation_new function in shlr/java/class.c in radare2 ... |
| CVE-2018-14016 | vulnerable (no DSA) | fixed | fixed | The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7. ... |
| CVE-2018-14015 | vulnerable (no DSA) | fixed | fixed | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote ... |
| CVE-2018-12322 | vulnerable (no DSA) | fixed | fixed | There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in l ... |
| CVE-2018-12321 | vulnerable (no DSA) | fixed | fixed | There is a heap out of bounds read in radare2 2.6.0 in java_switch_op( ... |
| CVE-2018-12320 | vulnerable (no DSA) | fixed | fixed | There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr ... |
| CVE-2018-11384 | vulnerable (no DSA) | fixed | fixed | The sh_op() function in radare2 2.5.0 allows remote attackers to cause ... |
| CVE-2018-11383 | vulnerable (no DSA) | fixed | fixed | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers ... |
| CVE-2018-11381 | vulnerable (no DSA) | fixed | fixed | The string_scan_range() function in radare2 2.5.0 allows remote attack ... |
| CVE-2018-11380 | vulnerable (no DSA) | fixed | fixed | The parse_import_ptr() function in radare2 2.5.0 allows remote attacke ... |
| CVE-2018-11379 | vulnerable (no DSA) | fixed | fixed | The get_debug_info() function in radare2 2.5.0 allows remote attackers ... |
| CVE-2018-11377 | vulnerable (no DSA) | fixed | fixed | The avr_op_analyze() function in radare2 2.5.0 allows remote attackers ... |
| CVE-2018-11376 | vulnerable (no DSA) | fixed | fixed | The r_read_le32() function in radare2 2.5.0 allows remote attackers to ... |
| CVE-2018-10187 | vulnerable (no DSA) | fixed | fixed | In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik ... |
| CVE-2018-10186 | vulnerable (no DSA) | fixed | fixed | In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_ ... |
| CVE-2018-8810 | vulnerable (no DSA) | fixed | fixed | In radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ... |
| CVE-2018-8809 | vulnerable (no DSA) | fixed | fixed | In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik ... |
| CVE-2018-8808 | vulnerable (no DSA) | fixed | fixed | In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_ ... |
| CVE-2017-16805 | vulnerable (no DSA) | fixed | fixed | In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ... |
| CVE-2017-10929 | vulnerable (no DSA) | fixed | fixed | The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ... |
| CVE-2017-9949 | vulnerable (no DSA) | fixed | fixed | The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ... |
| CVE-2017-9763 | vulnerable (no DSA) | fixed | fixed | The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ... |
| CVE-2017-9762 | vulnerable (no DSA) | fixed | fixed | The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ... |
| CVE-2017-9761 | vulnerable (no DSA) | fixed | fixed | The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remot ... |
| CVE-2017-9520 | vulnerable (no DSA) | fixed | fixed | The r_config_set function in libr/config/config.c in radare2 1.5.0 all ... |
| CVE-2017-7946 | vulnerable (no DSA) | fixed | fixed | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ... |
| CVE-2017-6448 | vulnerable (no DSA) | fixed | fixed | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ... |
| CVE-2017-6197 | vulnerable (no DSA) | fixed | fixed | The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 all ... |
| CVE-2015-2305 | vulnerable (no DSA) | fixed | fixed | Integer overflow in the regcomp implementation in the Henry Spencer BS ... |
| Bug | Description |
|---|
| CVE-2022-4843 | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ... |
| CVE-2019-16718 | In radare2 before 3.9.0, a command injection vulnerability exists in b ... |
| CVE-2018-20461 | In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c all ... |
| CVE-2018-20460 | In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch ... |
| CVE-2018-20459 | In radare2 through 3.1.3, the armass_assemble function in libr/asm/arc ... |
| CVE-2018-20458 | In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/ ... |
| CVE-2018-20457 | In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_ ... |
| CVE-2018-20456 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ... |
| CVE-2018-20455 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ... |
| CVE-2018-19843 | opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attack ... |
| CVE-2018-19842 | getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows att ... |
| CVE-2018-15834 | In radare2 before 2.9.0, a heap overflow vulnerability exists in the r ... |
| CVE-2018-11382 | The _inst__sts() function in radare2 2.5.0 allows remote attackers to ... |
| CVE-2018-11378 | The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ha ... |
| CVE-2018-11375 | The _inst__lds() function in radare2 2.5.0 allows remote attackers to ... |
| CVE-2017-16359 | In radare 2.0.1, a pointer wraparound vulnerability exists in store_ve ... |
| CVE-2017-16358 | In radare 2.0.1, an out-of-bounds read vulnerability exists in string_ ... |
| CVE-2017-16357 | In radare 2.0.1, a memory corruption vulnerability exists in store_ver ... |
| CVE-2017-15932 | In radare2 2.0.1, an integer exception (negative number leading to an ... |
| CVE-2017-15931 | In radare2 2.0.1, an integer exception (negative number leading to an ... |
| CVE-2017-15385 | The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ... |
| CVE-2017-15368 | The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ... |
| CVE-2017-7854 | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remot ... |
| CVE-2017-7716 | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 a ... |
| CVE-2017-7274 | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ... |
| CVE-2017-6415 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ... |
| CVE-2017-6387 | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 all ... |
| CVE-2017-6319 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ... |
| CVE-2017-6194 | The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ... |