Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/radare2@2.5.0-1

Type alpm

Namespace archlinux

Name radare2

Version 2.5.0-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6.0-1

Latest_non_vulnerable_version 5.6-1

Affected_by_vulnerabilities

url VCID-2gc7-kn57-b3ak

vulnerability_id VCID-2gc7-kn57-b3ak

summary The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11378

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42132
published_at	2026-04-24T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42252
published_at	2026-04-18T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42184
published_at	2026-04-21T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42181
published_at	2026-04-01T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42239
published_at	2026-04-02T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42268
published_at	2026-04-09T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.4221
published_at	2026-04-07T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42261
published_at	2026-04-08T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42291
published_at	2026-04-11T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42254
published_at	2026-04-12T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42226
published_at	2026-04-13T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42277
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11378

reference_url	https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7

reference_url	https://github.com/radare/radare2/issues/9969
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9969

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11378

reference_id

CVE-2018-11378

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11378

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11378

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gc7-kn57-b3ak

url VCID-54v3-r36b-pqbt

vulnerability_id VCID-54v3-r36b-pqbt

summary The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11382

reference_id

reference_type

scores

value	0.00232
scoring_system	epss
scoring_elements	0.46025
published_at	2026-04-24T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46114
published_at	2026-04-18T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.4606
published_at	2026-04-21T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.45986
published_at	2026-04-01T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46037
published_at	2026-04-02T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46059
published_at	2026-04-09T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46006
published_at	2026-04-07T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46062
published_at	2026-04-08T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46084
published_at	2026-04-11T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46055
published_at	2026-04-12T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46063
published_at	2026-04-13T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46118
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11382

reference_url	https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff

reference_url	https://github.com/radare/radare2/issues/10091
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10091

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11382

reference_id

CVE-2018-11382

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11382

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11382

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54v3-r36b-pqbt

url VCID-627w-z5ne-kye4

vulnerability_id VCID-627w-z5ne-kye4

summary The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11381

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11381

reference_url	https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3

reference_url	https://github.com/radare/radare2/issues/9902
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9902

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11381

reference_id

CVE-2018-11381

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11381

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11381

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-627w-z5ne-kye4

url VCID-a4us-jxhs-nfgh

vulnerability_id VCID-a4us-jxhs-nfgh

summary The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11375

reference_id

reference_type

scores

value	0.00232
scoring_system	epss
scoring_elements	0.46025
published_at	2026-04-24T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46114
published_at	2026-04-18T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.4606
published_at	2026-04-21T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.45986
published_at	2026-04-01T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46037
published_at	2026-04-02T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46059
published_at	2026-04-09T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46006
published_at	2026-04-07T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46062
published_at	2026-04-08T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46084
published_at	2026-04-11T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46055
published_at	2026-04-12T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46063
published_at	2026-04-13T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46118
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11375

reference_url	https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68

reference_url	https://github.com/radare/radare2/issues/9928
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9928

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11375

reference_id

CVE-2018-11375

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11375

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11375

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4us-jxhs-nfgh

url VCID-ausu-fn3w-kueu

vulnerability_id VCID-ausu-fn3w-kueu

summary The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11379

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11379

reference_url	https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c

reference_url	https://github.com/radare/radare2/issues/9926
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9926

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11379

reference_id

CVE-2018-11379

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11379

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11379

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ausu-fn3w-kueu

url VCID-fuw5-x3dd-6yg8

vulnerability_id VCID-fuw5-x3dd-6yg8

summary The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11383

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11383

reference_url	https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a

reference_url	https://github.com/radare/radare2/issues/9943
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9943

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11383

reference_id

CVE-2018-11383

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11383

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11383

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuw5-x3dd-6yg8

url VCID-myn1-h1xa-5ba7

vulnerability_id VCID-myn1-h1xa-5ba7

summary The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11380

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11380

reference_url	https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134

reference_url	https://github.com/radare/radare2/issues/9970
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9970

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11380

reference_id

CVE-2018-11380

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11380

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11380

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myn1-h1xa-5ba7

url VCID-qvdt-rhku-v7cb

vulnerability_id VCID-qvdt-rhku-v7cb

summary The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11376

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11376

reference_url	https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf

reference_url	https://github.com/radare/radare2/issues/9904
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9904

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11376

reference_id

CVE-2018-11376

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11376

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11376

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvdt-rhku-v7cb

url VCID-sf7m-amp2-ebde

vulnerability_id VCID-sf7m-amp2-ebde

summary The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11377

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49032
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48984
published_at	2026-04-24T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49036
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48927
published_at	2026-04-01T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48963
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4899
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48944
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48998
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48994
published_at	2026-04-21T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49011
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11377

reference_url	https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4

reference_url	https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422

reference_url	https://github.com/radare/radare2/issues/9901
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9901

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11377

reference_id

CVE-2018-11377

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11377

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11377

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sf7m-amp2-ebde

url VCID-vemn-pw8w-y3dq

vulnerability_id VCID-vemn-pw8w-y3dq

summary The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11384

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48027
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11384

reference_url	https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add

reference_url	https://github.com/radare/radare2/issues/9903
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9903

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11384

reference_id

CVE-2018-11384

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11384

fixed_packages

url	pkg:alpm/archlinux/radare2@2.6.0-1
purl	pkg:alpm/archlinux/radare2@2.6.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.6.0-1

aliases CVE-2018-11384

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vemn-pw8w-y3dq

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/radare2@2.5.0-1

Package Instance