radare2.js is vulnerable to denial of service. The vulnerability exists due to the out-of-bound read in the library, allowing an attacker to access the memory location beyond the buffer length, leading to an application crash.
github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
github.com/radareorg/radare2/pull/19671
huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3/
lists.fedoraproject.org/archives/list/[email protected]/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D/
lists.fedoraproject.org/archives/list/[email protected]/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/