CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
78.1%
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. (CVE-2021-32613) A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. (CVE-2021-3673) A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS. (CVE-2021-4021) radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. (CVE-2021-44974) radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. (CVE-2021-44975) radare2 is vulnerable to Out-of-bounds Read. (CVE-2022-0173) NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. (CVE-2022-0419) Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0476) Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0518) Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0519) Use After Free in NPM radare2.js prior to 5.6.2. (CVE-2022-0520) Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0521) Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. (CVE-2022-0522) Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0523) Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0559) Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0676) Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0695) NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0712) Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0713)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | radare2 | < 5.6.4-1 | radare2-5.6.4-1.mga8 |
Mageia | 8 | noarch | radare2-cutter | < 2.0.4-2 | radare2-cutter-2.0.4-2.mga8 |
Mageia | 8 | noarch | rizin | < 0.3.1-1 | rizin-0.3.1-1.mga8 |
bugs.mageia.org/show_bug.cgi?id=29163
census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
lists.fedoraproject.org/archives/list/[email protected]/thread/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/
lists.fedoraproject.org/archives/list/[email protected]/thread/IQIRJ72UALGMSWH6MYPVJQQLXFGZ23RS/
lists.fedoraproject.org/archives/list/[email protected]/thread/JIARALLVVY2362AYFSFULTZKIW6QO5R5/
lists.fedoraproject.org/archives/list/[email protected]/thread/V2UL4V4XKSFJVNNUMFV443UJXGDBYGS4/
www.openwall.com/lists/oss-security/2022/05/25/1
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
78.1%