Total
123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19590 | 1 Radare | 1 Radare2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. | |||||
CVE-2019-19647 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. | |||||
CVE-2019-16718 | 1 Radare | 1 Radare2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. | |||||
CVE-2019-12802 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). | |||||
CVE-2019-14745 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | |||||
CVE-2019-12865 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | |||||
CVE-2019-12829 | 1 Radare | 1 Radare2 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c. | |||||
CVE-2019-12790 | 1 Radare | 1 Radare2 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c. | |||||
CVE-2018-20460 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. | |||||
CVE-2018-20457 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459. | |||||
CVE-2018-15834 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | |||||
CVE-2018-14016 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. | |||||
CVE-2018-20458 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file. | |||||
CVE-2018-20461 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. | |||||
CVE-2018-20455 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. | |||||
CVE-2018-19842 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | |||||
CVE-2018-20459 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457. | |||||
CVE-2018-14017 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. | |||||
CVE-2018-19843 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | |||||
CVE-2018-14015 | 1 Radare | 1 Radare2 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. |