Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Radare Subscribe
Filtered by product Radare2
Total 160 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-8696 1 Radare 1 Radare2 2026-05-19 N/A 7.5 HIGH
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
CVE-2026-8695 1 Radare 1 Radare2 2026-05-18 N/A 7.5 HIGH
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
CVE-2017-7854 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVE-2017-7274 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
CVE-2017-16805 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
CVE-2017-16357 1 Radare 1 Radare2 2026-05-13 6.8 MEDIUM 7.8 HIGH
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
CVE-2017-6415 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.
CVE-2017-16359 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
CVE-2017-9762 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.
CVE-2017-7716 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVE-2017-6197 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
CVE-2017-6387 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
CVE-2017-16358 1 Radare 1 Radare2 2026-05-13 6.8 MEDIUM 7.8 HIGH
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
CVE-2017-15368 1 Radare 1 Radare2 2026-05-13 6.8 MEDIUM 7.8 HIGH
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.
CVE-2017-9763 1 Radare 1 Radare2 2026-05-13 5.0 MEDIUM 7.5 HIGH
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
CVE-2017-9761 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2017-10929 1 Radare 1 Radare2 2026-05-13 6.8 MEDIUM 7.8 HIGH
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
CVE-2017-6194 1 Radare 1 Radare2 2026-05-13 6.8 MEDIUM 7.8 HIGH
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
CVE-2017-9520 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
CVE-2017-7946 1 Radare 1 Radare2 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.