RSS   Vulnerabilities for 'Radare2'   RSS

2022-05-26
 
CVE-2022-1899

CWE-125
 

 
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.

 
2022-05-24
 
CVE-2021-44975

CWE-120
 

 
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.

 
2022-05-10
 
CVE-2022-1649

CWE-787
 

 
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).

 
2022-04-11
 
CVE-2022-1296

CWE-125
 

 
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

 
 
CVE-2022-1297

CWE-125
 

 
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

 
2022-04-08
 
CVE-2022-1283

CWE-476
 

 
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

 
 
CVE-2022-1284

CWE-416
 

 
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

 
2022-04-06
 
CVE-2022-1237

CWE-129
 

 
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

 
 
CVE-2022-1238

CWE-805
 

 
Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

 
 
CVE-2022-1240

CWE-787
 

 
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

 


Copyright 2022, cxsecurity.com

 

Back to Top