Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid

Type deb

Namespace debian

Name radare2

Version 6.0.7+ds-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-12eh-yc81-afaa

vulnerability_id VCID-12eh-yc81-afaa

summary The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6415

reference_id

reference_type

scores

value	0.00231
scoring_system	epss
scoring_elements	0.45833
published_at	2026-04-01T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45879
published_at	2026-04-02T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45901
published_at	2026-04-04T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45851
published_at	2026-04-07T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45907
published_at	2026-04-08T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45904
published_at	2026-04-13T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45927
published_at	2026-04-11T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45897
published_at	2026-04-12T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45956
published_at	2026-04-16T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45951
published_at	2026-04-18T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45896
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6415

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572
reference_id	856572
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-6415

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12eh-yc81-afaa

url VCID-1h97-tkwz-8kfr

vulnerability_id VCID-1h97-tkwz-8kfr

summary A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5641

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35281
published_at	2026-04-04T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35253
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35153
published_at	2026-04-21T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35201
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35215
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35176
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.352
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35232
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35206
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35162
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5641

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24230

reference_id

24230

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://github.com/radareorg/radare2/issues/24230

reference_url

https://github.com/radareorg/radare2/issues/24230#issuecomment-2919612676

reference_id

24230#issuecomment-2919612676

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://github.com/radareorg/radare2/issues/24230#issuecomment-2919612676

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311129

reference_id

?ctiid.311129

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://vuldb.com/?ctiid.311129

reference_url

https://vuldb.com/?id.311129

reference_id

?id.311129

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://vuldb.com/?id.311129

reference_url

https://vuldb.com/?submit.586909

reference_id

?submit.586909

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://vuldb.com/?submit.586909

reference_url

https://drive.google.com/file/d/1oG5IC7qhL_SJsIHpnWp7MZlWJGYt8qWZ/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/

url

https://drive.google.com/file/d/1oG5IC7qhL_SJsIHpnWp7MZlWJGYt8qWZ/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5641

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h97-tkwz-8kfr

url VCID-1jmy-vuq8-8ufa

vulnerability_id VCID-1jmy-vuq8-8ufa

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0713

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.5687
published_at	2026-04-01T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56966
published_at	2026-04-02T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56988
published_at	2026-04-04T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56964
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57015
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57017
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57029
published_at	2026-04-11T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57008
published_at	2026-04-12T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56985
published_at	2026-04-13T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57014
published_at	2026-04-16T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57011
published_at	2026-04-18T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56987
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0713

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0713

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jmy-vuq8-8ufa

url VCID-1peb-3y84-tfft

vulnerability_id VCID-1peb-3y84-tfft

summary In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20460

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.41001
published_at	2026-04-21T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41075
published_at	2026-04-18T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40998
published_at	2026-04-01T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41079
published_at	2026-04-02T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41111
published_at	2026-04-11T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41037
published_at	2026-04-07T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41086
published_at	2026-04-08T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41093
published_at	2026-04-09T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41077
published_at	2026-04-12T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41061
published_at	2026-04-13T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41104
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20460

reference_url	https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf

reference_url	https://github.com/radare/radare2/issues/12376
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12376

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20460

reference_id

CVE-2018-20460

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20460

fixed_packages

url	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20460

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1peb-3y84-tfft

url VCID-1pp7-8yu7-8kfy

vulnerability_id VCID-1pp7-8yu7-8kfy

summary There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12322

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33901
published_at	2026-04-21T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33933
published_at	2026-04-18T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33674
published_at	2026-04-01T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.34018
published_at	2026-04-02T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.34049
published_at	2026-04-04T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33904
published_at	2026-04-07T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33946
published_at	2026-04-08T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33978
published_at	2026-04-09T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33977
published_at	2026-04-11T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33934
published_at	2026-04-12T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.3391
published_at	2026-04-13T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33948
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12322

reference_url	https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017

reference_url	https://github.com/radare/radare2/issues/10294
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10294

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628
reference_id	901628
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12322

reference_id

CVE-2018-12322

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12322

fixed_packages

url	pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-12322

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pp7-8yu7-8kfy

url VCID-27ek-n7rv-1fdw

vulnerability_id VCID-27ek-n7rv-1fdw

summary The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9762

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42314
published_at	2026-04-01T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42387
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42417
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42357
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42405
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42413
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42436
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42399
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4237
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42419
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42394
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42322
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9762

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869426
reference_id	869426
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869426

fixed_packages

url	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-9762

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27ek-n7rv-1fdw

url VCID-2c7v-zpy1-vba9

vulnerability_id VCID-2c7v-zpy1-vba9

summary The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6448

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48057
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48101
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47986
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48024
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48045
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47994
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48047
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48041
published_at	2026-04-09T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48065
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48042
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48053
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48106
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6448

reference_url	https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257

reference_url	https://github.com/radare/radare2/issues/6885
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/6885

reference_url	http://www.securityfocus.com/bid/97313
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97313

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859447
reference_id	859447
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859447

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-6448

reference_id

CVE-2017-6448

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-6448

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-4%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-6448

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c7v-zpy1-vba9

url VCID-2gc7-kn57-b3ak

vulnerability_id VCID-2gc7-kn57-b3ak

summary The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11378

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42184
published_at	2026-04-21T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42277
published_at	2026-04-16T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42252
published_at	2026-04-18T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42181
published_at	2026-04-01T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42239
published_at	2026-04-02T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42268
published_at	2026-04-09T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.4221
published_at	2026-04-07T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42261
published_at	2026-04-08T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42291
published_at	2026-04-11T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42254
published_at	2026-04-12T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42226
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11378

reference_url	https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7

reference_url	https://github.com/radare/radare2/issues/9969
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9969

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11378

reference_id

CVE-2018-11378

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11378

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11378

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gc7-kn57-b3ak

url VCID-2hsg-v6h9-e7er

vulnerability_id VCID-2hsg-v6h9-e7er

summary A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28071

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26621
published_at	2026-04-21T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26834
published_at	2026-04-02T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26873
published_at	2026-04-04T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2666
published_at	2026-04-18T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26728
published_at	2026-04-08T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26778
published_at	2026-04-09T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26782
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26738
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26681
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2669
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28071

reference_url

https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5

reference_id

65448811e5b9582a19cf631e03cfcaa025a92ef5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:37Z/

url

https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-28071

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsg-v6h9-e7er

url VCID-2m2p-3v1v-3ueq

vulnerability_id VCID-2m2p-3v1v-3ueq

summary In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20455

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.39315
published_at	2026-04-21T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39402
published_at	2026-04-18T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39249
published_at	2026-04-01T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39416
published_at	2026-04-02T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3944
published_at	2026-04-04T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39354
published_at	2026-04-07T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3941
published_at	2026-04-08T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39425
published_at	2026-04-09T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39437
published_at	2026-04-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39398
published_at	2026-04-12T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3938
published_at	2026-04-13T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39431
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20455

reference_url	https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185

reference_url	https://github.com/radare/radare2/issues/12373
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12373

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20455

reference_id

CVE-2018-20455

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20455

fixed_packages

url	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20455

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m2p-3v1v-3ueq

url VCID-2r7v-s8mc-e7gr

vulnerability_id VCID-2r7v-s8mc-e7gr

summary radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-60360

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04875
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04731
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04741
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04764
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04779
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04812
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04825
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0479
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0477
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04723
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-60360

reference_url

https://github.com/radareorg/radare2/pull/24245

reference_id

24245

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:31:14Z/

url

https://github.com/radareorg/radare2/pull/24245

reference_url	https://usn.ubuntu.com/7915-1/
reference_id	USN-7915-1
reference_type
scores
url	https://usn.ubuntu.com/7915-1/

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-60360

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7v-s8mc-e7gr

url VCID-2u2h-ryzx-wker

vulnerability_id VCID-2u2h-ryzx-wker

summary The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9949

reference_id

reference_type

scores

value	0.00338
scoring_system	epss
scoring_elements	0.56526
published_at	2026-04-01T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56623
published_at	2026-04-07T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56644
published_at	2026-04-21T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56674
published_at	2026-04-08T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56679
published_at	2026-04-09T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56688
published_at	2026-04-11T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56663
published_at	2026-04-12T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56642
published_at	2026-04-13T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56673
published_at	2026-04-16T12:55:00Z

value	0.00338
scoring_system	epss
scoring_elements	0.56672
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9949

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068
reference_id	866068
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068

fixed_packages

url	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-9949

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u2h-ryzx-wker

url VCID-2y64-np9y-zyfz

vulnerability_id VCID-2y64-np9y-zyfz

summary A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5648

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35253
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35153
published_at	2026-04-21T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35201
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35215
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35176
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.352
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35232
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35206
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35162
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35281
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5648

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24238

reference_id

24238

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://github.com/radareorg/radare2/issues/24238

reference_url

https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876

reference_id

24238#issuecomment-2918850876

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311136

reference_id

?ctiid.311136

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://vuldb.com/?ctiid.311136

reference_url

https://vuldb.com/?id.311136

reference_id

?id.311136

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://vuldb.com/?id.311136

reference_url

https://vuldb.com/?submit.586929

reference_id

?submit.586929

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://vuldb.com/?submit.586929

reference_url

https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5648

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2y64-np9y-zyfz

url VCID-378y-5cww-y7eb

vulnerability_id VCID-378y-5cww-y7eb

summary radare2 v5.9.8 and before contains a memory leak in the function bochs_open.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-60361

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.04976
published_at	2026-04-21T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04831
published_at	2026-04-18T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04832
published_at	2026-04-02T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04858
published_at	2026-04-04T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04875
published_at	2026-04-13T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04912
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04929
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04893
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04822
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-60361

reference_url

https://github.com/radareorg/radare2/pull/24312

reference_id

24312

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:45:38Z/

url

https://github.com/radareorg/radare2/pull/24312

reference_url	https://usn.ubuntu.com/7915-1/
reference_id	USN-7915-1
reference_type
scores
url	https://usn.ubuntu.com/7915-1/

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-60361

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-378y-5cww-y7eb

url VCID-3px7-6e74-cqfe

vulnerability_id VCID-3px7-6e74-cqfe

summary In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12865

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54482
published_at	2026-04-21T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54502
published_at	2026-04-16T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54505
published_at	2026-04-18T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54474
published_at	2026-04-04T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54443
published_at	2026-04-07T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54495
published_at	2026-04-08T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54489
published_at	2026-04-09T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54501
published_at	2026-04-11T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54484
published_at	2026-04-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54463
published_at	2026-04-13T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55654
published_at	2026-04-02T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55542
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12865

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704
reference_id	930704
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704

fixed_packages

url	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-12865

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3px7-6e74-cqfe

url VCID-3r1r-24qj-zyef

vulnerability_id VCID-3r1r-24qj-zyef

summary In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16718

reference_id

reference_type

scores

value	0.0134
scoring_system	epss
scoring_elements	0.80039
published_at	2026-04-21T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80038
published_at	2026-04-18T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79959
published_at	2026-04-01T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79967
published_at	2026-04-02T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79988
published_at	2026-04-04T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.79977
published_at	2026-04-07T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80005
published_at	2026-04-08T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80014
published_at	2026-04-09T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80034
published_at	2026-04-11T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.80018
published_at	2026-04-12T12:55:00Z

value	0.0134
scoring_system	epss
scoring_elements	0.8001
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16718

reference_url	https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af

reference_url	https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7

reference_url	https://github.com/radareorg/radare2/compare/3.8.0...3.9.0
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/compare/3.8.0...3.9.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16718

reference_id

CVE-2019-16718

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16718

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-16718

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3r1r-24qj-zyef

url VCID-3wjf-z8kn-23g1

vulnerability_id VCID-3wjf-z8kn-23g1

summary In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12790

reference_id

reference_type

scores

value	0.00481
scoring_system	epss
scoring_elements	0.65035
published_at	2026-04-01T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65085
published_at	2026-04-02T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65112
published_at	2026-04-04T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65075
published_at	2026-04-07T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65125
published_at	2026-04-08T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65138
published_at	2026-04-09T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65157
published_at	2026-04-11T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65147
published_at	2026-04-12T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.6512
published_at	2026-04-13T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65156
published_at	2026-04-16T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65166
published_at	2026-04-18T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65149
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12790

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344
reference_id	930344
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344

fixed_packages

url	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-12790

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wjf-z8kn-23g1

url VCID-41wv-efp7-23cn

vulnerability_id VCID-41wv-efp7-23cn

summary In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16357

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.43953
published_at	2026-04-21T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44017
published_at	2026-04-18T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43943
published_at	2026-04-01T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43991
published_at	2026-04-02T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44014
published_at	2026-04-04T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43944
published_at	2026-04-07T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43995
published_at	2026-04-08T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43998
published_at	2026-04-09T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44013
published_at	2026-04-11T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4398
published_at	2026-04-12T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.43965
published_at	2026-04-13T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44026
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16357

reference_url	https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a

reference_url	https://github.com/radare/radare2/issues/8742
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8742

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880620
reference_id	880620
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880620

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16357

reference_id

CVE-2017-16357

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16357

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-16357

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41wv-efp7-23cn

url VCID-428v-jh9w-g3g6

vulnerability_id VCID-428v-jh9w-g3g6

summary grub2: Stack exhaustion in grub_ext2_read_block

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9763

reference_id

reference_type

scores

value	0.01357
scoring_system	epss
scoring_elements	0.80082
published_at	2026-04-01T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80162
published_at	2026-04-21T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80158
published_at	2026-04-16T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80159
published_at	2026-04-18T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80089
published_at	2026-04-02T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80109
published_at	2026-04-04T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80097
published_at	2026-04-07T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80127
published_at	2026-04-08T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80133
published_at	2026-04-09T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80152
published_at	2026-04-11T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80136
published_at	2026-04-12T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80128
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:C

value	4.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1463361
reference_id	1463361
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1463361

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423
reference_id	869423
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423

fixed_packages

url	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-9763

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-428v-jh9w-g3g6

url VCID-4b1u-hdsa-zfb9

vulnerability_id VCID-4b1u-hdsa-zfb9

summary The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6197

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.51384
published_at	2026-04-01T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51435
published_at	2026-04-02T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51461
published_at	2026-04-04T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51421
published_at	2026-04-07T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51475
published_at	2026-04-08T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51473
published_at	2026-04-09T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51516
published_at	2026-04-11T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51495
published_at	2026-04-12T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51482
published_at	2026-04-13T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51524
published_at	2026-04-16T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51533
published_at	2026-04-18T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51511
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6197

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063
reference_id	856063
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-2?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-2%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-6197

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b1u-hdsa-zfb9

url VCID-4vtd-8wb9-mqg9

vulnerability_id VCID-4vtd-8wb9-mqg9

summary The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7946

reference_id

reference_type

scores

value	0.00207
scoring_system	epss
scoring_elements	0.43099
published_at	2026-04-21T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43165
published_at	2026-04-18T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43051
published_at	2026-04-01T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.4311
published_at	2026-04-02T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43138
published_at	2026-04-04T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43076
published_at	2026-04-07T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43129
published_at	2026-04-08T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43142
published_at	2026-04-09T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43163
published_at	2026-04-11T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.4313
published_at	2026-04-12T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43115
published_at	2026-04-13T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43175
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7946

reference_url	https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92

reference_url	https://github.com/radare/radare2/issues/7301
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/7301

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860962
reference_id	860962
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860962

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7946

reference_id

CVE-2017-7946

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7946

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-5?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-5?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-5%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-7946

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vtd-8wb9-mqg9

url VCID-54v3-r36b-pqbt

vulnerability_id VCID-54v3-r36b-pqbt

summary The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11382

reference_id

reference_type

scores

value	0.00232
scoring_system	epss
scoring_elements	0.4606
published_at	2026-04-21T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46118
published_at	2026-04-16T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46114
published_at	2026-04-18T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.45986
published_at	2026-04-01T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46037
published_at	2026-04-02T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46059
published_at	2026-04-09T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46006
published_at	2026-04-07T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46062
published_at	2026-04-08T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46084
published_at	2026-04-11T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46055
published_at	2026-04-12T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46063
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11382

reference_url	https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff

reference_url	https://github.com/radare/radare2/issues/10091
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10091

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11382

reference_id

CVE-2018-11382

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11382

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11382

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54v3-r36b-pqbt

url VCID-56w7-1t75-ckc9

vulnerability_id VCID-56w7-1t75-ckc9

summary The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7854

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.48971
published_at	2026-04-21T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4901
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48901
published_at	2026-04-01T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48938
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48964
published_at	2026-04-04T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48918
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48972
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48969
published_at	2026-04-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48986
published_at	2026-04-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4896
published_at	2026-04-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48967
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49013
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7854

reference_url	https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4

reference_url	https://github.com/radare/radare2/issues/7265
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/7265

reference_url	http://www.securityfocus.com/bid/97648
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97648

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7854

reference_id

CVE-2017-7854

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7854

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-7854

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56w7-1t75-ckc9

url VCID-5hrv-qq76-mbcd

vulnerability_id VCID-5hrv-qq76-mbcd

summary The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6387

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46217
published_at	2026-04-01T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46259
published_at	2026-04-02T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46278
published_at	2026-04-04T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46225
published_at	2026-04-07T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46281
published_at	2026-04-08T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46282
published_at	2026-04-09T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46305
published_at	2026-04-11T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46277
published_at	2026-04-12T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46286
published_at	2026-04-13T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46343
published_at	2026-04-16T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46339
published_at	2026-04-18T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46284
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6387

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574
reference_id	856574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-6387

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hrv-qq76-mbcd

url VCID-5kmb-6m89-6uc6

vulnerability_id VCID-5kmb-6m89-6uc6

summary A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28072

reference_id

reference_type

scores

value	0.00576
scoring_system	epss
scoring_elements	0.68804
published_at	2026-04-21T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68726
published_at	2026-04-02T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68746
published_at	2026-04-04T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68724
published_at	2026-04-07T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68776
published_at	2026-04-08T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68795
published_at	2026-04-09T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68817
published_at	2026-04-11T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68803
published_at	2026-04-12T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68774
published_at	2026-04-13T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68815
published_at	2026-04-16T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68826
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28072

reference_url

https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45

reference_id

027cd9b7274988bb1af866539ba6c2fa2ff63e45

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:38:19Z/

url

https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-28072

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kmb-6m89-6uc6

url VCID-5msy-yj5v-myc7

vulnerability_id VCID-5msy-yj5v-myc7

summary In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20457

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.3733
published_at	2026-04-21T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37386
published_at	2026-04-18T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37328
published_at	2026-04-01T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3749
published_at	2026-04-02T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37515
published_at	2026-04-04T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37343
published_at	2026-04-07T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37394
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37407
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37419
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37384
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37357
published_at	2026-04-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37403
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20457

reference_url	https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7

reference_url	https://github.com/radare/radare2/issues/12417
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12417

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322
reference_id	917322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20457

reference_id

CVE-2018-20457

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20457

fixed_packages

url	pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.2.1%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20457

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5msy-yj5v-myc7

url VCID-5q53-gqkq-27ev

vulnerability_id VCID-5q53-gqkq-27ev

summary The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14016

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14016

reference_url	https://github.com/radareorg/radare2/commit/eb7deb281df54771fb8ecf5890dc325a7d22d3e2
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/eb7deb281df54771fb8ecf5890dc325a7d22d3e2

reference_url	https://github.com/radare/radare2/issues/10464
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10464

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903725
reference_id	903725
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903725

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14016

reference_id

CVE-2018-14016

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14016

fixed_packages

url	pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-14016

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q53-gqkq-27ev

url VCID-5rv8-9w1a-9yag

vulnerability_id VCID-5rv8-9w1a-9yag

summary heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1284

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.51996
published_at	2026-04-01T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52043
published_at	2026-04-02T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52069
published_at	2026-04-04T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52035
published_at	2026-04-07T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52089
published_at	2026-04-08T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52086
published_at	2026-04-09T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52138
published_at	2026-04-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52121
published_at	2026-04-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52107
published_at	2026-04-13T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52147
published_at	2026-04-16T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.5215
published_at	2026-04-18T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52132
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1284

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1284

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv8-9w1a-9yag

url VCID-5xy5-6f5d-83c7

vulnerability_id VCID-5xy5-6f5d-83c7

summary Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1297

reference_id

reference_type

scores

value	0.00297
scoring_system	epss
scoring_elements	0.52944
published_at	2026-04-01T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52969
published_at	2026-04-02T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52994
published_at	2026-04-04T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52961
published_at	2026-04-07T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53012
published_at	2026-04-08T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53006
published_at	2026-04-09T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53055
published_at	2026-04-11T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.5304
published_at	2026-04-12T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53023
published_at	2026-04-13T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53061
published_at	2026-04-16T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53068
published_at	2026-04-18T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.5305
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1297

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1297

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xy5-6f5d-83c7

url VCID-627w-z5ne-kye4

vulnerability_id VCID-627w-z5ne-kye4

summary The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11381

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11381

reference_url	https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3

reference_url	https://github.com/radare/radare2/issues/9902
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9902

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11381

reference_id

CVE-2018-11381

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11381

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11381

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-627w-z5ne-kye4

url VCID-6bbs-9d9s-mfeq

vulnerability_id VCID-6bbs-9d9s-mfeq

summary A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5647

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35253
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35153
published_at	2026-04-21T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35201
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35215
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35176
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.352
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35232
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35206
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35162
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35281
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5647

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24237

reference_id

24237

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://github.com/radareorg/radare2/issues/24237

reference_url

https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137

reference_id

24237#issuecomment-2918846137

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311135

reference_id

?ctiid.311135

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://vuldb.com/?ctiid.311135

reference_url

https://vuldb.com/?id.311135

reference_id

?id.311135

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://vuldb.com/?id.311135

reference_url

https://vuldb.com/?submit.586928

reference_id

?submit.586928

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://vuldb.com/?submit.586928

reference_url

https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/

url

https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5647

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bbs-9d9s-mfeq

url VCID-6s39-wdz1-yuhz

vulnerability_id VCID-6s39-wdz1-yuhz

summary radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19647

reference_id

reference_type

scores

value	0.0049
scoring_system	epss
scoring_elements	0.65496
published_at	2026-04-01T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65544
published_at	2026-04-02T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65575
published_at	2026-04-04T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.6554
published_at	2026-04-07T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65593
published_at	2026-04-08T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65605
published_at	2026-04-09T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65624
published_at	2026-04-11T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.6561
published_at	2026-04-12T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65582
published_at	2026-04-13T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65617
published_at	2026-04-16T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65629
published_at	2026-04-18T12:55:00Z

value	0.0049
scoring_system	epss
scoring_elements	0.65613
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19647

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947402
reference_id	947402
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947402

fixed_packages

url	pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@4.2.1%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-19647

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6s39-wdz1-yuhz

url VCID-6zbf-v2qf-kudb

vulnerability_id VCID-6zbf-v2qf-kudb

summary Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1296

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51594
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51645
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5167
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51631
published_at	2026-04-07T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51685
published_at	2026-04-08T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51681
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5173
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51708
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51692
published_at	2026-04-13T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51733
published_at	2026-04-16T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5174
published_at	2026-04-18T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5172
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1296

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1296

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zbf-v2qf-kudb

url VCID-71pg-p4ht-pudf

vulnerability_id VCID-71pg-p4ht-pudf

summary A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27795

reference_id

reference_type

scores

value	0.00528
scoring_system	epss
scoring_elements	0.67072
published_at	2026-04-01T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.6711
published_at	2026-04-02T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67133
published_at	2026-04-04T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67108
published_at	2026-04-07T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67157
published_at	2026-04-08T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.6717
published_at	2026-04-09T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67189
published_at	2026-04-11T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67175
published_at	2026-04-12T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67144
published_at	2026-04-13T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67178
published_at	2026-04-16T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67192
published_at	2026-04-18T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67173
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27795

fixed_packages

url	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2020-27795

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71pg-p4ht-pudf

url VCID-73nh-61r2-4kfr

vulnerability_id VCID-73nh-61r2-4kfr

summary getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19842

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54373
published_at	2026-04-01T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54452
published_at	2026-04-02T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54474
published_at	2026-04-04T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54443
published_at	2026-04-07T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54495
published_at	2026-04-08T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54489
published_at	2026-04-09T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54501
published_at	2026-04-11T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54484
published_at	2026-04-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54463
published_at	2026-04-13T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54502
published_at	2026-04-16T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54505
published_at	2026-04-18T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54482
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19842

fixed_packages

url	pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-19842

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73nh-61r2-4kfr

url VCID-797x-2rdg-efbq

vulnerability_id VCID-797x-2rdg-efbq

summary In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19590

reference_id

reference_type

scores

value	0.03052
scoring_system	epss
scoring_elements	0.86636
published_at	2026-04-01T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86647
published_at	2026-04-02T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86667
published_at	2026-04-04T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86666
published_at	2026-04-07T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86684
published_at	2026-04-08T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86694
published_at	2026-04-09T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86708
published_at	2026-04-11T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86705
published_at	2026-04-12T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86698
published_at	2026-04-13T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86711
published_at	2026-04-21T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86717
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19590

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947791
reference_id	947791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947791

fixed_packages

url	pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@4.2.1%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-19590

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-797x-2rdg-efbq

url VCID-7f5v-63rw-47c5

vulnerability_id VCID-7f5v-63rw-47c5

summary radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44975

reference_id

reference_type

scores

value	0.00317
scoring_system	epss
scoring_elements	0.54786
published_at	2026-04-21T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.5468
published_at	2026-04-01T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.5475
published_at	2026-04-02T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54773
published_at	2026-04-04T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54743
published_at	2026-04-07T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54793
published_at	2026-04-08T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.5479
published_at	2026-04-09T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54802
published_at	2026-04-16T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54785
published_at	2026-04-12T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54764
published_at	2026-04-13T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54804
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44975

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490
reference_id	1014490
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490

reference_url

https://security.archlinux.org/AVG-2748

reference_id

AVG-2748

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2748

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-44975

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f5v-63rw-47c5

url VCID-7gtx-pkzb-yqcz

vulnerability_id VCID-7gtx-pkzb-yqcz

summary radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12829

reference_id

reference_type

scores

value	0.00784
scoring_system	epss
scoring_elements	0.73702
published_at	2026-04-01T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73712
published_at	2026-04-02T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73735
published_at	2026-04-04T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73707
published_at	2026-04-07T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73742
published_at	2026-04-08T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73755
published_at	2026-04-09T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73778
published_at	2026-04-11T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73759
published_at	2026-04-12T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.7375
published_at	2026-04-13T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73792
published_at	2026-04-16T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73801
published_at	2026-04-18T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73791
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12829

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590
reference_id	930590
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590

fixed_packages

url	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-12829

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gtx-pkzb-yqcz

url VCID-7hzf-vk9r-dfh1

vulnerability_id VCID-7hzf-vk9r-dfh1

summary heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1244

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.51996
published_at	2026-04-01T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52043
published_at	2026-04-02T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52069
published_at	2026-04-04T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52035
published_at	2026-04-07T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52089
published_at	2026-04-08T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52086
published_at	2026-04-09T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52138
published_at	2026-04-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52121
published_at	2026-04-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52107
published_at	2026-04-13T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52147
published_at	2026-04-16T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.5215
published_at	2026-04-18T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52132
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1244

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1244

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hzf-vk9r-dfh1

url VCID-7j2z-8s5s-6ugb

vulnerability_id VCID-7j2z-8s5s-6ugb

summary In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20461

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.39367
published_at	2026-04-21T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39453
published_at	2026-04-18T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39303
published_at	2026-04-01T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39465
published_at	2026-04-02T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39489
published_at	2026-04-04T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39402
published_at	2026-04-07T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39458
published_at	2026-04-08T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39473
published_at	2026-04-09T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39484
published_at	2026-04-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39446
published_at	2026-04-12T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39429
published_at	2026-04-13T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3948
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20461

reference_url	https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267

reference_url	https://github.com/radare/radare2/issues/12375
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12375

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20461

reference_id

CVE-2018-20461

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20461

fixed_packages

url	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20461

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j2z-8s5s-6ugb

url VCID-7jxc-2agn-8kd2

vulnerability_id VCID-7jxc-2agn-8kd2

summary A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28070

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.26886
published_at	2026-04-21T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26947
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27093
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2713
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26921
published_at	2026-04-18T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2699
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27035
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27038
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26994
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26937
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28070

reference_url

https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0

reference_id

4aff1bb00224de4f5bc118f987dfd5d2fe3450d0

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:31:03Z/

url

https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-28070

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jxc-2agn-8kd2

url VCID-7p7w-jwbj-guea

vulnerability_id VCID-7p7w-jwbj-guea

summary In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16359

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41171
published_at	2026-04-21T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41243
published_at	2026-04-18T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41149
published_at	2026-04-01T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41241
published_at	2026-04-02T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.4127
published_at	2026-04-04T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41196
published_at	2026-04-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41244
published_at	2026-04-08T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41252
published_at	2026-04-09T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41274
published_at	2026-04-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41242
published_at	2026-04-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41228
published_at	2026-04-13T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41272
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16359

reference_url	https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e

reference_url	https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882

reference_url	https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d

reference_url	https://github.com/radare/radare2/issues/8764
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8764

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880616
reference_id	880616
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880616

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16359

reference_id

CVE-2017-16359

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16359

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-16359

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7p7w-jwbj-guea

url VCID-8bzm-ye49-w7fc

vulnerability_id VCID-8bzm-ye49-w7fc

summary The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15385

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51726
published_at	2026-04-21T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51746
published_at	2026-04-18T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51601
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51652
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51677
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51637
published_at	2026-04-07T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51692
published_at	2026-04-08T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51688
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51737
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51715
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51698
published_at	2026-04-13T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51739
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15385

reference_url	https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4

reference_url	https://github.com/radare/radare2/issues/8685
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8685

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879119
reference_id	879119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15385

reference_id

CVE-2017-15385

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15385

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-15385

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bzm-ye49-w7fc

url VCID-8xen-g6z6-hfcs

vulnerability_id VCID-8xen-g6z6-hfcs

summary Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1649

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.4807
published_at	2026-04-01T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48107
published_at	2026-04-02T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48128
published_at	2026-04-04T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48077
published_at	2026-04-07T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.4813
published_at	2026-04-08T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48125
published_at	2026-04-09T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48149
published_at	2026-04-11T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48122
published_at	2026-04-12T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48133
published_at	2026-04-13T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48186
published_at	2026-04-16T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.4818
published_at	2026-04-18T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48137
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1649

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1649

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xen-g6z6-hfcs

url VCID-8zuq-cnzg-9bfk

vulnerability_id VCID-8zuq-cnzg-9bfk

summary A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4021

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.62962
published_at	2026-04-21T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62832
published_at	2026-04-01T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6289
published_at	2026-04-02T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6292
published_at	2026-04-04T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62883
published_at	2026-04-07T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62934
published_at	2026-04-08T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6295
published_at	2026-04-09T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62969
published_at	2026-04-11T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62957
published_at	2026-04-12T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62935
published_at	2026-04-13T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62976
published_at	2026-04-16T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62983
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4021

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490
reference_id	1014490
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490

reference_url

https://security.archlinux.org/AVG-2583

reference_id

AVG-2583

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2583

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-4021

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zuq-cnzg-9bfk

url VCID-9cdv-pbch-47cp

vulnerability_id VCID-9cdv-pbch-47cp

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4322

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47576
published_at	2026-04-02T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47597
published_at	2026-04-12T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47546
published_at	2026-04-07T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47601
published_at	2026-04-08T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47621
published_at	2026-04-11T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47606
published_at	2026-04-13T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47664
published_at	2026-04-16T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47656
published_at	2026-04-18T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47609
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4322

reference_url

https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd

reference_id

06e2484c-d6f1-4497-af67-26549be9fffd

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/

url

https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051898
reference_id	1051898
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051898

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/

reference_id

64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/

reference_url

https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd

reference_id

ba919adb74ac368bf76b150a00347ded78b572dd

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/

url

https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/

reference_id

SOZ6XCADVAPAIHMVSV3FUAN742BHXF55

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-4322

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cdv-pbch-47cp

url VCID-9nn6-cp89-qkd3

vulnerability_id VCID-9nn6-cp89-qkd3

summary The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14017

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14017

reference_url	https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152

reference_url	https://github.com/radare/radare2/issues/10498
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10498

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903726
reference_id	903726
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903726

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14017

reference_id

CVE-2018-14017

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14017

fixed_packages

url	pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-14017

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nn6-cp89-qkd3

url VCID-9yq7-v9ah-qyek

vulnerability_id VCID-9yq7-v9ah-qyek

summary An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46570

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33957
published_at	2026-04-21T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33969
published_at	2026-04-13T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34003
published_at	2026-04-16T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3399
published_at	2026-04-18T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34073
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34104
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33963
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34005
published_at	2026-04-08T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34036
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33993
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46570

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908
reference_id	1054908
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908

reference_url

https://github.com/radareorg/radare2/issues/22333

reference_id

22333

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:52:30Z/

url

https://github.com/radareorg/radare2/issues/22333

reference_url

https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6

reference_id

d7fa58f1b3418ef08ad244acccc10ba6

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:52:30Z/

url

https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-46570

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-v9ah-qyek

url VCID-9zrm-xdkz-fbfb

vulnerability_id VCID-9zrm-xdkz-fbfb

summary A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5646

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35253
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35153
published_at	2026-04-21T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35201
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35215
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35176
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.352
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35232
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35206
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35162
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35281
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5646

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24235

reference_id

24235

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://github.com/radareorg/radare2/issues/24235

reference_url

https://github.com/radareorg/radare2/issues/24235#issuecomment-2918847213

reference_id

24235#issuecomment-2918847213

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://github.com/radareorg/radare2/issues/24235#issuecomment-2918847213

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311134

reference_id

?ctiid.311134

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://vuldb.com/?ctiid.311134

reference_url

https://vuldb.com/?id.311134

reference_id

?id.311134

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://vuldb.com/?id.311134

reference_url

https://vuldb.com/?submit.586923

reference_id

?submit.586923

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://vuldb.com/?submit.586923

reference_url

https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/

url

https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5646

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zrm-xdkz-fbfb

url VCID-a4ec-hp76-rqcv

vulnerability_id VCID-a4ec-hp76-rqcv

summary The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9520

reference_id

reference_type

scores

value	0.00202
scoring_system	epss
scoring_elements	0.42241
published_at	2026-04-01T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42316
published_at	2026-04-02T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42345
published_at	2026-04-04T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42286
published_at	2026-04-07T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42334
published_at	2026-04-08T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42342
published_at	2026-04-09T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42365
published_at	2026-04-11T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42328
published_at	2026-04-12T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.423
published_at	2026-04-13T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.4235
published_at	2026-04-16T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42326
published_at	2026-04-18T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42253
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9520

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864533
reference_id	864533
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864533

fixed_packages

url	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-9520

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ec-hp76-rqcv

url VCID-a4us-jxhs-nfgh

vulnerability_id VCID-a4us-jxhs-nfgh

summary The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11375

reference_id

reference_type

scores

value	0.00232
scoring_system	epss
scoring_elements	0.4606
published_at	2026-04-21T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46118
published_at	2026-04-16T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46114
published_at	2026-04-18T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.45986
published_at	2026-04-01T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46037
published_at	2026-04-02T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46059
published_at	2026-04-09T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46006
published_at	2026-04-07T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46062
published_at	2026-04-08T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46084
published_at	2026-04-11T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46055
published_at	2026-04-12T12:55:00Z

value	0.00232
scoring_system	epss
scoring_elements	0.46063
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11375

reference_url	https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68

reference_url	https://github.com/radare/radare2/issues/9928
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9928

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11375

reference_id

CVE-2018-11375

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11375

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11375

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4us-jxhs-nfgh

url VCID-aekg-54vs-6yca

vulnerability_id VCID-aekg-54vs-6yca

summary In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8810

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8810

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895749
reference_id	895749
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895749

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-8810

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aekg-54vs-6yca

url VCID-ak4h-uq4k-23hs

vulnerability_id VCID-ak4h-uq4k-23hs

summary In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20459

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39481
published_at	2026-04-21T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39565
published_at	2026-04-18T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3943
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39579
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39602
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39518
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39573
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39589
published_at	2026-04-09T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39599
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39561
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39545
published_at	2026-04-13T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39595
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20459

reference_url	https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7

reference_url	https://github.com/radare/radare2/issues/12418
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12418

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322
reference_id	917322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20459

reference_id

CVE-2018-20459

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20459

fixed_packages

url	pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.2.1%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20459

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ak4h-uq4k-23hs

url VCID-aubp-kw7t-abam

vulnerability_id VCID-aubp-kw7t-abam

summary Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0849

reference_id

reference_type

scores

value	0.00265
scoring_system	epss
scoring_elements	0.50049
published_at	2026-04-18T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.49951
published_at	2026-04-01T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.49988
published_at	2026-04-02T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50016
published_at	2026-04-04T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.49966
published_at	2026-04-07T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50021
published_at	2026-04-21T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50014
published_at	2026-04-09T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50032
published_at	2026-04-11T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50005
published_at	2026-04-12T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50001
published_at	2026-04-13T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50047
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0849

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0849

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aubp-kw7t-abam

url VCID-aupe-75b8-fbff

vulnerability_id VCID-aupe-75b8-fbff

summary heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1444

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.51996
published_at	2026-04-01T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52043
published_at	2026-04-02T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52069
published_at	2026-04-04T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52035
published_at	2026-04-07T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52089
published_at	2026-04-08T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52086
published_at	2026-04-09T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52138
published_at	2026-04-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52121
published_at	2026-04-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52107
published_at	2026-04-13T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52147
published_at	2026-04-16T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.5215
published_at	2026-04-18T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52132
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1444

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1444

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aupe-75b8-fbff

url VCID-ausu-fn3w-kueu

vulnerability_id VCID-ausu-fn3w-kueu

summary The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11379

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11379

reference_url	https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c

reference_url	https://github.com/radare/radare2/issues/9926
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9926

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11379

reference_id

CVE-2018-11379

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11379

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11379

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ausu-fn3w-kueu

url VCID-avnf-p1zx-47ce

vulnerability_id VCID-avnf-p1zx-47ce

summary Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32494

reference_id

reference_type

scores

value	0.00218
scoring_system	epss
scoring_elements	0.44394
published_at	2026-04-21T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44419
published_at	2026-04-02T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44417
published_at	2026-04-13T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44474
published_at	2026-04-16T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44464
published_at	2026-04-18T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44332
published_at	2026-04-01T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44441
published_at	2026-04-04T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44375
published_at	2026-04-07T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44426
published_at	2026-04-08T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44433
published_at	2026-04-09T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.4445
published_at	2026-04-11T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44418
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32494

reference_url

https://github.com/radareorg/radare2/issues/18667

reference_id

18667

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/

url

https://github.com/radareorg/radare2/issues/18667

reference_url

https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62

reference_id

a07dedb804a82bc01c07072861942dd80c6b6d62

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/

url

https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-32494

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avnf-p1zx-47ce

url VCID-awv9-a65t-gfax

vulnerability_id VCID-awv9-a65t-gfax

summary A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5643

reference_id

reference_type

scores

value	0.0016
scoring_system	epss
scoring_elements	0.36983
published_at	2026-04-02T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36832
published_at	2026-04-21T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.3689
published_at	2026-04-18T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36906
published_at	2026-04-16T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36861
published_at	2026-04-13T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36886
published_at	2026-04-12T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36921
published_at	2026-04-11T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36912
published_at	2026-04-09T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36897
published_at	2026-04-08T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36846
published_at	2026-04-07T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.37018
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5643

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24232

reference_id

24232

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://github.com/radareorg/radare2/issues/24232

reference_url

https://github.com/radareorg/radare2/issues/24232#issuecomment-2918841776

reference_id

24232#issuecomment-2918841776

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://github.com/radareorg/radare2/issues/24232#issuecomment-2918841776

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311131

reference_id

?ctiid.311131

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://vuldb.com/?ctiid.311131

reference_url

https://vuldb.com/?id.311131

reference_id

?id.311131

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://vuldb.com/?id.311131

reference_url

https://vuldb.com/?submit.586912

reference_id

?submit.586912

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://vuldb.com/?submit.586912

reference_url

https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/

url

https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5643

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awv9-a65t-gfax

url VCID-ba9q-e289-ekbt

vulnerability_id VCID-ba9q-e289-ekbt

summary In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12802

reference_id

reference_type

scores

value	0.0046
scoring_system	epss
scoring_elements	0.6404
published_at	2026-04-01T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64097
published_at	2026-04-02T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64124
published_at	2026-04-04T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64083
published_at	2026-04-07T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64134
published_at	2026-04-08T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.6415
published_at	2026-04-09T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64162
published_at	2026-04-11T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64151
published_at	2026-04-12T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64122
published_at	2026-04-13T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.64158
published_at	2026-04-21T12:55:00Z

value	0.0046
scoring_system	epss
scoring_elements	0.6417
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12802

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510
reference_id	930510
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510

fixed_packages

url	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-12802

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba9q-e289-ekbt

url VCID-befg-btu3-g3ek

vulnerability_id VCID-befg-btu3-g3ek

summary Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0519

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57709
published_at	2026-04-01T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57794
published_at	2026-04-02T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57814
published_at	2026-04-04T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57787
published_at	2026-04-07T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57842
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57844
published_at	2026-04-09T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57861
published_at	2026-04-11T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57839
published_at	2026-04-12T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57817
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57846
published_at	2026-04-16T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57845
published_at	2026-04-18T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57822
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0519

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0519

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-befg-btu3-g3ek

url VCID-bkmk-u5ep-w3cq

vulnerability_id VCID-bkmk-u5ep-w3cq

summary In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10187

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10187

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305
reference_id	897305
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-10187

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkmk-u5ep-w3cq

url VCID-bmmz-g7bb-6ydp

vulnerability_id VCID-bmmz-g7bb-6ydp

summary An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46569

reference_id

reference_type

scores

value	0.00152
scoring_system	epss
scoring_elements	0.35808
published_at	2026-04-21T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35831
published_at	2026-04-13T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.3587
published_at	2026-04-16T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35858
published_at	2026-04-18T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35956
published_at	2026-04-02T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35986
published_at	2026-04-04T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35817
published_at	2026-04-07T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35867
published_at	2026-04-08T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.3589
published_at	2026-04-09T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35896
published_at	2026-04-11T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35855
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46569

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908
reference_id	1054908
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908

reference_url

https://github.com/radareorg/radare2/issues/22334

reference_id

22334

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:50:40Z/

url

https://github.com/radareorg/radare2/issues/22334

reference_url

https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8

reference_id

afeaf8cc958f95876f0ee245b8a002e8

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:50:40Z/

url

https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-46569

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmmz-g7bb-6ydp

url VCID-bws2-var3-a3au

vulnerability_id VCID-bws2-var3-a3au

summary radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-60358

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04875
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04731
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04741
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04764
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04779
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04812
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04825
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0479
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0477
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04723
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-60358

reference_url

https://github.com/radareorg/radare2/pull/24224

reference_id

24224

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T13:35:56Z/

url

https://github.com/radareorg/radare2/pull/24224

reference_url	https://usn.ubuntu.com/7842-1/
reference_id	USN-7842-1
reference_type
scores
url	https://usn.ubuntu.com/7842-1/

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-60358

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bws2-var3-a3au

url VCID-cbnj-ccs4-4uap

vulnerability_id VCID-cbnj-ccs4-4uap

summary radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17487

reference_id

reference_type

scores

value	0.00521
scoring_system	epss
scoring_elements	0.66777
published_at	2026-04-01T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66815
published_at	2026-04-02T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.6684
published_at	2026-04-04T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66813
published_at	2026-04-07T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66862
published_at	2026-04-08T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66876
published_at	2026-04-09T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66895
published_at	2026-04-11T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66882
published_at	2026-04-16T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66849
published_at	2026-04-13T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66896
published_at	2026-04-18T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66879
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17487

fixed_packages

url	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2020-17487

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbnj-ccs4-4uap

url VCID-ccqg-j1n1-dqb8

vulnerability_id VCID-ccqg-j1n1-dqb8

summary A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28068

reference_id

reference_type

scores

value	0.00135
scoring_system	epss
scoring_elements	0.33138
published_at	2026-04-21T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33276
published_at	2026-04-02T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33309
published_at	2026-04-04T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33142
published_at	2026-04-07T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33185
published_at	2026-04-08T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33218
published_at	2026-04-09T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.3322
published_at	2026-04-11T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33181
published_at	2026-04-12T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33157
published_at	2026-04-13T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33197
published_at	2026-04-16T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33175
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28068

reference_url

https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992

reference_id

637f4bd1af6752e28e0a9998e954e2e9ce6fa992

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:56:12Z/

url

https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-28068

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccqg-j1n1-dqb8

url VCID-czpx-39nm-3fhk

vulnerability_id VCID-czpx-39nm-3fhk

summary radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44974

reference_id

reference_type

scores

value	0.00349
scoring_system	epss
scoring_elements	0.57445
published_at	2026-04-21T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57335
published_at	2026-04-01T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57416
published_at	2026-04-02T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57439
published_at	2026-04-04T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57414
published_at	2026-04-07T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57466
published_at	2026-04-08T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57469
published_at	2026-04-09T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57485
published_at	2026-04-11T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57462
published_at	2026-04-12T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57443
published_at	2026-04-13T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.5747
published_at	2026-04-16T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57465
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44974

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490
reference_id	1014490
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490

reference_url

https://security.archlinux.org/AVG-2748

reference_id

AVG-2748

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2748

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-44974

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czpx-39nm-3fhk

url VCID-dpfc-t7cc-uqef

vulnerability_id VCID-dpfc-t7cc-uqef

summary

Out-of-bounds Write vulnerability in radareorg radare2 allows 

heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1744

reference_id

reference_type

scores

value	0.00311
scoring_system	epss
scoring_elements	0.54305
published_at	2026-04-04T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54275
published_at	2026-04-02T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.5428
published_at	2026-04-07T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63732
published_at	2026-04-21T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63701
published_at	2026-04-13T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63736
published_at	2026-04-16T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63746
published_at	2026-04-18T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63718
published_at	2026-04-08T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63734
published_at	2026-04-09T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63749
published_at	2026-04-11T12:55:00Z

value	0.00451
scoring_system	epss
scoring_elements	0.63735
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1744

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099620
reference_id	1099620
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099620

reference_url

https://github.com/radareorg/radare2/pull/23969

reference_id

23969

reference_type

scores

value	10
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-28T15:21:10Z/

url

https://github.com/radareorg/radare2/pull/23969

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-1744

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpfc-t7cc-uqef

url VCID-drqw-6fx3-augx

vulnerability_id VCID-drqw-6fx3-augx

summary Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0695

reference_id

reference_type

scores

value	0.00324
scoring_system	epss
scoring_elements	0.553
published_at	2026-04-01T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55414
published_at	2026-04-02T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55439
published_at	2026-04-04T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55418
published_at	2026-04-07T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55469
published_at	2026-04-09T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55479
published_at	2026-04-11T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55458
published_at	2026-04-21T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.5544
published_at	2026-04-13T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55476
published_at	2026-04-16T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.5548
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0695

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0695

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drqw-6fx3-augx

url VCID-ds17-huzd-37d2

vulnerability_id VCID-ds17-huzd-37d2

summary Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0521

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57709
published_at	2026-04-01T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57794
published_at	2026-04-02T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57814
published_at	2026-04-04T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57787
published_at	2026-04-07T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57842
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57844
published_at	2026-04-09T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57861
published_at	2026-04-11T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57839
published_at	2026-04-12T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57817
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57846
published_at	2026-04-16T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57845
published_at	2026-04-18T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57822
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0521

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0521

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ds17-huzd-37d2

url VCID-dzzp-5yb2-h7fq

vulnerability_id VCID-dzzp-5yb2-h7fq

summary A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28073

reference_id

reference_type

scores

value	0.00365
scoring_system	epss
scoring_elements	0.58526
published_at	2026-04-18T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58463
published_at	2026-04-02T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58482
published_at	2026-04-04T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58453
published_at	2026-04-07T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58505
published_at	2026-04-21T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58511
published_at	2026-04-09T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58528
published_at	2026-04-11T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58509
published_at	2026-04-12T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58489
published_at	2026-04-13T12:55:00Z

value	0.00365
scoring_system	epss
scoring_elements	0.58521
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28073

reference_url

https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053

reference_id

59a9dfb60acf8b5c0312061cffd9693fc9526053

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:02Z/

url

https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-28073

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzzp-5yb2-h7fq

url VCID-e1ry-7wyr-z7gt

vulnerability_id VCID-e1ry-7wyr-z7gt

summary Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1052

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35448
published_at	2026-04-01T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35647
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35672
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35553
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35599
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35622
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35632
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35587
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35565
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35604
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35593
published_at	2026-04-18T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35544
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1052

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1052

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ry-7wyr-z7gt

url VCID-e4sm-emrh-qkc9

vulnerability_id VCID-e4sm-emrh-qkc9

summary Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1207

reference_id

reference_type

scores

value	0.00106
scoring_system	epss
scoring_elements	0.28699
published_at	2026-04-01T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28781
published_at	2026-04-02T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2883
published_at	2026-04-04T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28635
published_at	2026-04-07T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28701
published_at	2026-04-08T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2874
published_at	2026-04-09T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28744
published_at	2026-04-11T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.287
published_at	2026-04-12T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28651
published_at	2026-04-13T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28671
published_at	2026-04-16T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28646
published_at	2026-04-18T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28599
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1207

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1207

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4sm-emrh-qkc9

url VCID-e8zb-wjjn-ubd9

vulnerability_id VCID-e8zb-wjjn-ubd9

summary radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-16269

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.57924
published_at	2026-04-01T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58009
published_at	2026-04-02T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58031
published_at	2026-04-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58007
published_at	2026-04-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58061
published_at	2026-04-08T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58065
published_at	2026-04-09T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58081
published_at	2026-04-11T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58058
published_at	2026-04-12T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58038
published_at	2026-04-13T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58068
published_at	2026-04-18T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58045
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-16269

fixed_packages

url	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2020-16269

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8zb-wjjn-ubd9

url VCID-egzy-8xjc-muc1

vulnerability_id VCID-egzy-8xjc-muc1

summary In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8808

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8808

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895752
reference_id	895752
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895752

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-8808

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egzy-8xjc-muc1

url VCID-esdn-avz7-c3g4

vulnerability_id VCID-esdn-avz7-c3g4

summary Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0139

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.60491
published_at	2026-04-01T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60565
published_at	2026-04-02T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60594
published_at	2026-04-04T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60563
published_at	2026-04-07T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60611
published_at	2026-04-08T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60627
published_at	2026-04-09T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60652
published_at	2026-04-11T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60637
published_at	2026-04-12T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60616
published_at	2026-04-13T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60658
published_at	2026-04-16T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60664
published_at	2026-04-18T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60651
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0139

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0139

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esdn-avz7-c3g4

url VCID-euwf-e2ud-wban

vulnerability_id VCID-euwf-e2ud-wban

summary Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1605

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50695
published_at	2026-04-21T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50683
published_at	2026-04-12T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50709
published_at	2026-04-16T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50715
published_at	2026-04-18T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.5063
published_at	2026-04-02T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50657
published_at	2026-04-04T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50612
published_at	2026-04-07T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50667
published_at	2026-04-13T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50663
published_at	2026-04-09T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50705
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1605

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034180
reference_id	1034180
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034180

reference_url

https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f

reference_id

508a6307045441defd1bef0999a1f7052097613f

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:30:31Z/

url

https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f

reference_url

https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2

reference_id

9dddcf5b-7dd4-46cc-abf9-172dce20bab2

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:30:31Z/

url

https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-1605

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-euwf-e2ud-wban

url VCID-ev6a-h3yd-5udh

vulnerability_id VCID-ev6a-h3yd-5udh

summary Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1864

reference_id

reference_type

scores

value	0.0026
scoring_system	epss
scoring_elements	0.49383
published_at	2026-04-02T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.4941
published_at	2026-04-04T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49364
published_at	2026-04-07T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49419
published_at	2026-04-08T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49414
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54223
published_at	2026-04-11T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.5822
published_at	2026-04-21T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58231
published_at	2026-04-12T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58245
published_at	2026-04-18T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58211
published_at	2026-04-13T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58243
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1864

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622
reference_id	1099622
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622

reference_url

https://github.com/radareorg/radare2/pull/23981

reference_id

23981

reference_type

scores

value	10
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-03T14:09:22Z/

url

https://github.com/radareorg/radare2/pull/23981

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-1864

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev6a-h3yd-5udh

url VCID-fktn-5h3c-t3ay

vulnerability_id VCID-fktn-5h3c-t3ay

summary Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0559

reference_id

reference_type

scores

value	0.00327
scoring_system	epss
scoring_elements	0.55513
published_at	2026-04-01T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55624
published_at	2026-04-02T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55648
published_at	2026-04-04T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55626
published_at	2026-04-07T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55678
published_at	2026-04-08T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55681
published_at	2026-04-09T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.5569
published_at	2026-04-11T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.5567
published_at	2026-04-12T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55652
published_at	2026-04-13T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55691
published_at	2026-04-16T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55695
published_at	2026-04-18T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55674
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0559

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0559

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fktn-5h3c-t3ay

url VCID-fuw5-x3dd-6yg8

vulnerability_id VCID-fuw5-x3dd-6yg8

summary The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11383

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11383

reference_url	https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a

reference_url	https://github.com/radare/radare2/issues/9943
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9943

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11383

reference_id

CVE-2018-11383

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11383

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11383

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuw5-x3dd-6yg8

url VCID-gebx-34kc-xuh6

vulnerability_id VCID-gebx-34kc-xuh6

summary radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-60359

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04875
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04731
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04741
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04764
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04779
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04812
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04825
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0479
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0477
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04723
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-60359

reference_url

https://github.com/radareorg/radare2/pull/24215

reference_id

24215

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:23:06Z/

url

https://github.com/radareorg/radare2/pull/24215

reference_url	https://usn.ubuntu.com/7915-1/
reference_id	USN-7915-1
reference_type
scores
url	https://usn.ubuntu.com/7915-1/

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-60359

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gebx-34kc-xuh6

url VCID-gmtk-srvb-byek

vulnerability_id VCID-gmtk-srvb-byek

summary There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12321

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38003
published_at	2026-04-21T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38067
published_at	2026-04-18T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37948
published_at	2026-04-01T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3813
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38154
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38024
published_at	2026-04-07T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38075
published_at	2026-04-08T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38084
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38102
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38065
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38042
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38087
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12321

reference_url	https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d

reference_url	https://github.com/radare/radare2/issues/10296
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10296

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629
reference_id	901629
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12321

reference_id

CVE-2018-12321

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12321

fixed_packages

url	pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-12321

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmtk-srvb-byek

url VCID-gn9n-bv7p-bbap

vulnerability_id VCID-gn9n-bv7p-bbap

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0518

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.57568
published_at	2026-04-01T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57652
published_at	2026-04-02T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57674
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5765
published_at	2026-04-07T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57704
published_at	2026-04-08T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57707
published_at	2026-04-09T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57722
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57701
published_at	2026-04-12T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57681
published_at	2026-04-13T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57711
published_at	2026-04-16T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57708
published_at	2026-04-18T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57686
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0518

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0518

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gn9n-bv7p-bbap

url VCID-gqsh-nqdu-3qex

vulnerability_id VCID-gqsh-nqdu-3qex

summary A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1378

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10331
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10267
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10314
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10181
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10208
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10334
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10355
published_at	2026-04-12T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10396
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10365
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10304
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1023
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1378

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098376
reference_id	1098376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098376

reference_url

https://github.com/radareorg/radare2/issues/23953

reference_id

23953

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://github.com/radareorg/radare2/issues/23953

reference_url

https://github.com/radareorg/radare2/issues/23953#issue-2844325926

reference_id

23953#issue-2844325926

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://github.com/radareorg/radare2/issues/23953#issue-2844325926

reference_url

https://github.com/radareorg/radare2/milestone/86

reference_id

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://github.com/radareorg/radare2/milestone/86

reference_url

https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545

reference_id

c6c772d2eab692ce7ada5a4227afd50c355ad545

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545

reference_url

https://vuldb.com/?ctiid.295986

reference_id

?ctiid.295986

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://vuldb.com/?ctiid.295986

reference_url

https://vuldb.com/?id.295986

reference_id

?id.295986

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://vuldb.com/?id.295986

reference_url

https://vuldb.com/?submit.498499

reference_id

?submit.498499

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/

url

https://vuldb.com/?submit.498499

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-1378

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqsh-nqdu-3qex

url VCID-gy1s-hmrp-fbdg

vulnerability_id VCID-gy1s-hmrp-fbdg

summary A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5644

reference_id

reference_type

scores

value	0.00125
scoring_system	epss
scoring_elements	0.31915
published_at	2026-04-02T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31768
published_at	2026-04-21T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31798
published_at	2026-04-18T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31818
published_at	2026-04-16T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31787
published_at	2026-04-13T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31822
published_at	2026-04-12T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.3186
published_at	2026-04-11T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31858
published_at	2026-04-09T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31827
published_at	2026-04-08T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31776
published_at	2026-04-07T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31957
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5644

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24233

reference_id

24233

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://github.com/radareorg/radare2/issues/24233

reference_url

https://github.com/radareorg/radare2/issues/24233#issuecomment-2918847833

reference_id

24233#issuecomment-2918847833

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://github.com/radareorg/radare2/issues/24233#issuecomment-2918847833

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311132

reference_id

?ctiid.311132

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://vuldb.com/?ctiid.311132

reference_url

https://vuldb.com/?id.311132

reference_id

?id.311132

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://vuldb.com/?id.311132

reference_url

https://vuldb.com/?submit.586921

reference_id

?submit.586921

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://vuldb.com/?submit.586921

reference_url

https://drive.google.com/file/d/1VtiMMp7ECun3sq3AwlqQrU9xEPA45eOz/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/

url

https://drive.google.com/file/d/1VtiMMp7ECun3sq3AwlqQrU9xEPA45eOz/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5644

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gy1s-hmrp-fbdg

url VCID-h43t-cy2h-jfdv

vulnerability_id VCID-h43t-cy2h-jfdv

summary Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1061

reference_id

reference_type

scores

value	0.0027
scoring_system	epss
scoring_elements	0.50418
published_at	2026-04-01T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50474
published_at	2026-04-02T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50502
published_at	2026-04-04T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50456
published_at	2026-04-07T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.5051
published_at	2026-04-13T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50506
published_at	2026-04-09T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50548
published_at	2026-04-11T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50525
published_at	2026-04-12T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50553
published_at	2026-04-16T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50558
published_at	2026-04-18T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50535
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1061

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1061

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h43t-cy2h-jfdv

url VCID-h4qz-m51b-5khw

vulnerability_id VCID-h4qz-m51b-5khw

summary The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6194

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35509
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3556
published_at	2026-04-18T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35411
published_at	2026-04-01T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35611
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35636
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35518
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35564
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35588
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35598
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35554
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3553
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3557
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6194

reference_url	https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18

reference_url	https://github.com/radare/radare2/issues/6829
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/6829

reference_url	http://www.securityfocus.com/bid/97299
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97299

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448
reference_id	859448
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-6194

reference_id

CVE-2017-6194

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-6194

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-4%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-6194

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4qz-m51b-5khw

url VCID-hkwf-9xsj-xqct

vulnerability_id VCID-hkwf-9xsj-xqct

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1437

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48361
published_at	2026-04-01T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48397
published_at	2026-04-02T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48418
published_at	2026-04-04T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48371
published_at	2026-04-07T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48426
published_at	2026-04-08T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.4842
published_at	2026-04-09T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48444
published_at	2026-04-11T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48419
published_at	2026-04-12T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48431
published_at	2026-04-21T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48481
published_at	2026-04-16T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48476
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1437

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1437

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkwf-9xsj-xqct

url VCID-hvrq-x6mt-nuad

vulnerability_id VCID-hvrq-x6mt-nuad

summary In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16805

reference_id

reference_type

scores

value	0.00202
scoring_system	epss
scoring_elements	0.42253
published_at	2026-04-21T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42326
published_at	2026-04-18T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42241
published_at	2026-04-01T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42316
published_at	2026-04-02T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42345
published_at	2026-04-04T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42286
published_at	2026-04-07T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42334
published_at	2026-04-08T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42342
published_at	2026-04-09T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42365
published_at	2026-04-11T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42328
published_at	2026-04-12T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.423
published_at	2026-04-13T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.4235
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16805

reference_url	https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d

reference_url	https://github.com/radare/radare2/issues/8813
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8813

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882134
reference_id	882134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16805

reference_id

CVE-2017-16805

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16805

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-16805

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvrq-x6mt-nuad

url VCID-j79s-4ev5-jucd

vulnerability_id VCID-j79s-4ev5-jucd

summary The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7716

reference_id

reference_type

scores

value	0.00186
scoring_system	epss
scoring_elements	0.40309
published_at	2026-04-21T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40384
published_at	2026-04-18T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40326
published_at	2026-04-01T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40392
published_at	2026-04-02T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40418
published_at	2026-04-04T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40342
published_at	2026-04-07T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40393
published_at	2026-04-08T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40404
published_at	2026-04-09T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40424
published_at	2026-04-11T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40387
published_at	2026-04-12T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40368
published_at	2026-04-13T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40415
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7716

reference_url	https://github.com/radare/radare2/issues/7260
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/7260

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7716

reference_id

CVE-2017-7716

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7716

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-7716

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j79s-4ev5-jucd

url VCID-jb8a-6f7d-hkas

vulnerability_id VCID-jb8a-6f7d-hkas

summary A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-63745

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04573
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04696
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04558
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04548
published_at	2026-04-16T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04929
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10856
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10792
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10682
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10759
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10816
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10828
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-63745

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120793
reference_id	1120793
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120793

reference_url

https://github.com/radareorg/radare2/issues/24660

reference_id

24660

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/

url

https://github.com/radareorg/radare2/issues/24660

reference_url

https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd

reference_id

6c5df3f8570d4f0c360681c08241ad8af3b919fd

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/

url

https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd

reference_url

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md

reference_id

MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/

url

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md

reference_url

https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md

reference_id

radare2-nullptr-deref-bin_ne.md

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/

url

https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md

fixed_packages

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-63745

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jb8a-6f7d-hkas

url VCID-khyh-e434-x3hk

vulnerability_id VCID-khyh-e434-x3hk

summary radare2 is vulnerable to Out-of-bounds Read

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0173

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57714
published_at	2026-04-01T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57799
published_at	2026-04-02T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57819
published_at	2026-04-04T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57793
published_at	2026-04-07T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57848
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57849
published_at	2026-04-09T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57866
published_at	2026-04-11T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57844
published_at	2026-04-12T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57823
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57852
published_at	2026-04-16T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57851
published_at	2026-04-18T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57828
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0173

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0173

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khyh-e434-x3hk

url VCID-m715-ppbg-xya5

vulnerability_id VCID-m715-ppbg-xya5

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-41015

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01082
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01093
published_at	2026-04-18T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01157
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-41015

reference_url

https://github.com/radareorg/radare2/issues/25650

reference_id

25650

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/

url

https://github.com/radareorg/radare2/issues/25650

reference_url

https://github.com/radareorg/radare2/pull/25651

reference_id

25651

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/

url

https://github.com/radareorg/radare2/pull/25651

reference_url

https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2

reference_id

9236f44a28812fe911814e1b3a7bcf1e4de5d3c2

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/

url

https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2

reference_url

https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5

reference_id

SECURITY.md?plain=1#L3-L5

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/

url

https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2026-41015

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m715-ppbg-xya5

url VCID-mcfw-hm7m-uuh5

vulnerability_id VCID-mcfw-hm7m-uuh5

summary In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10186

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10186

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305
reference_id	897305
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-10186

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcfw-hm7m-uuh5

url VCID-myn1-h1xa-5ba7

vulnerability_id VCID-myn1-h1xa-5ba7

summary The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11380

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11380

reference_url	https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134

reference_url	https://github.com/radare/radare2/issues/9970
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9970

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11380

reference_id

CVE-2018-11380

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11380

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11380

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myn1-h1xa-5ba7

url VCID-n5c5-p9qk-zkgz

vulnerability_id VCID-n5c5-p9qk-zkgz

summary NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1382

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48146
published_at	2026-04-01T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48183
published_at	2026-04-02T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48202
published_at	2026-04-04T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48154
published_at	2026-04-07T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48208
published_at	2026-04-08T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48201
published_at	2026-04-09T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48225
published_at	2026-04-11T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48199
published_at	2026-04-12T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48211
published_at	2026-04-13T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48262
published_at	2026-04-16T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48258
published_at	2026-04-18T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48213
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1382

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1382

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5c5-p9qk-zkgz

url VCID-nh84-fufj-pfgr

vulnerability_id VCID-nh84-fufj-pfgr

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0676

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.57578
published_at	2026-04-01T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57664
published_at	2026-04-02T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57685
published_at	2026-04-04T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.5875
published_at	2026-04-07T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58803
published_at	2026-04-08T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.5881
published_at	2026-04-12T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58828
published_at	2026-04-11T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.5879
published_at	2026-04-13T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58823
published_at	2026-04-16T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58827
published_at	2026-04-18T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58804
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0676

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0676

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh84-fufj-pfgr

url VCID-njkh-gajt-x3cx

vulnerability_id VCID-njkh-gajt-x3cx

summary There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12320

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38003
published_at	2026-04-21T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38067
published_at	2026-04-18T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37948
published_at	2026-04-01T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3813
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38154
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38024
published_at	2026-04-07T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38075
published_at	2026-04-08T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38084
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38102
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38065
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38042
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38087
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12320

reference_url	https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548

reference_url	https://github.com/radare/radare2/issues/10293
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10293

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630
reference_id	901630
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12320

reference_id

CVE-2018-12320

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12320

fixed_packages

url	pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-12320

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njkh-gajt-x3cx

url VCID-nnye-265s-hfdm

vulnerability_id VCID-nnye-265s-hfdm

summary Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-29646

reference_id

reference_type

scores

value	0.00605
scoring_system	epss
scoring_elements	0.6958
published_at	2026-04-04T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.6965
published_at	2026-04-21T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69668
published_at	2026-04-18T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69659
published_at	2026-04-16T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69619
published_at	2026-04-13T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69633
published_at	2026-04-12T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69648
published_at	2026-04-11T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69626
published_at	2026-04-09T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69609
published_at	2026-04-08T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69558
published_at	2026-04-07T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69564
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-29646

reference_url

https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690

reference_id

0be4a204e7226fa2cea761c09f027690

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/

url

https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690

reference_url

https://github.com/radareorg/radare2/pull/22562

reference_id

22562

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/

url

https://github.com/radareorg/radare2/pull/22562

reference_url

https://github.com/radareorg/radare2/pull/22567

reference_id

22567

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/

url

https://github.com/radareorg/radare2/pull/22567

reference_url

https://github.com/radareorg/radare2/pull/22572

reference_id

22572

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/

url

https://github.com/radareorg/radare2/pull/22572

reference_url

https://github.com/radareorg/radare2/pull/22578

reference_id

22578

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/

url

https://github.com/radareorg/radare2/pull/22578

reference_url

https://github.com/radareorg/radare2/pull/22599

reference_id

22599

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/

url

https://github.com/radareorg/radare2/pull/22599

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2024-29646

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnye-265s-hfdm

url VCID-nuzb-2zqv-wbgf

vulnerability_id VCID-nuzb-2zqv-wbgf

summary NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1283

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50624
published_at	2026-04-01T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50677
published_at	2026-04-02T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50703
published_at	2026-04-04T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50659
published_at	2026-04-07T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50714
published_at	2026-04-13T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.5071
published_at	2026-04-09T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50752
published_at	2026-04-11T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50729
published_at	2026-04-12T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50754
published_at	2026-04-16T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.5076
published_at	2026-04-18T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.5074
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1283

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1283

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuzb-2zqv-wbgf

url VCID-ny2r-28hp-5uep

vulnerability_id VCID-ny2r-28hp-5uep

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5686

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24664
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24702
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24474
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24544
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24589
published_at	2026-04-09T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24605
published_at	2026-04-11T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24563
published_at	2026-04-12T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24509
published_at	2026-04-13T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2452
published_at	2026-04-16T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24512
published_at	2026-04-18T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24489
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5686

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055854
reference_id	1055854
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055854

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-5686

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ny2r-28hp-5uep

100

url VCID-p5f7-7r1a-rycr

vulnerability_id VCID-p5f7-7r1a-rycr

summary NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0419

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.4805
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47979
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48017
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48038
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47987
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4804
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-09T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48058
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48035
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48098
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48093
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0419

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

reference_url

https://security.archlinux.org/AVG-2748

reference_id

AVG-2748

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2748

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0419

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5f7-7r1a-rycr

101

url VCID-patn-amhm-cqcp

vulnerability_id VCID-patn-amhm-cqcp

summary Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0302

reference_id

reference_type

scores

value	0.00189
scoring_system	epss
scoring_elements	0.40636
published_at	2026-04-21T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40697
published_at	2026-04-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40742
published_at	2026-04-16T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40713
published_at	2026-04-18T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40725
published_at	2026-04-02T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40753
published_at	2026-04-04T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40676
published_at	2026-04-07T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40726
published_at	2026-04-08T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40732
published_at	2026-04-09T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.4075
published_at	2026-04-11T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40715
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0302

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029037
reference_id	1029037
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029037

reference_url

https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e

reference_id

583133af-7ae6-4a21-beef-a4b0182cf82e

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:47:04Z/

url

https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e

reference_url

https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce

reference_id

961f0e723903011d4f54c2396e44efa91fcc74ce

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:47:04Z/

url

https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-0302

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-patn-amhm-cqcp

102

url VCID-pme4-1y6v-4ybu

vulnerability_id VCID-pme4-1y6v-4ybu

summary A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3673

reference_id

reference_type

scores

value	0.00644
scoring_system	epss
scoring_elements	0.70689
published_at	2026-04-21T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70594
published_at	2026-04-01T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70607
published_at	2026-04-02T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70623
published_at	2026-04-04T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70601
published_at	2026-04-07T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70646
published_at	2026-04-08T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70662
published_at	2026-04-09T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70685
published_at	2026-04-11T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.7067
published_at	2026-04-12T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70657
published_at	2026-04-13T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.70702
published_at	2026-04-16T12:55:00Z

value	0.00644
scoring_system	epss
scoring_elements	0.7071
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3673

reference_url

https://security.archlinux.org/AVG-2245

reference_id

AVG-2245

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2245

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-3673

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pme4-1y6v-4ybu

103

url VCID-pq2q-hnd2-y3eb

vulnerability_id VCID-pq2q-hnd2-y3eb

summary Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-29645

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17568
published_at	2026-04-21T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17662
published_at	2026-04-09T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.1768
published_at	2026-04-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17634
published_at	2026-04-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17581
published_at	2026-04-13T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17527
published_at	2026-04-16T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17535
published_at	2026-04-18T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17736
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17783
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17511
published_at	2026-04-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17601
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-29645

reference_url

https://github.com/radareorg/radare2/pull/22561

reference_id

22561

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/

url

https://github.com/radareorg/radare2/pull/22561

reference_url

https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620

reference_id

72bf3a486fa851797aa21887a40ba0e3d3a6d620

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/

url

https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620

reference_url

https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027

reference_id

83f0f5e8a475284d64bf99fb342e9027

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/

url

https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2024-29645

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq2q-hnd2-y3eb

104

url VCID-pqrq-1jus-tkep

vulnerability_id VCID-pqrq-1jus-tkep

summary In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16358

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.40099
published_at	2026-04-21T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40177
published_at	2026-04-18T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.4004
published_at	2026-04-01T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40189
published_at	2026-04-02T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40214
published_at	2026-04-04T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40137
published_at	2026-04-07T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.4019
published_at	2026-04-08T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40201
published_at	2026-04-09T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40213
published_at	2026-04-11T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40176
published_at	2026-04-12T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40157
published_at	2026-04-13T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40207
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16358

reference_url	https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9

reference_url	https://github.com/radare/radare2/issues/8748
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8748

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880619
reference_id	880619
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880619

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16358

reference_id

CVE-2017-16358

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16358

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-16358

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqrq-1jus-tkep

105

url VCID-pt1y-cpch-1qfn

vulnerability_id VCID-pt1y-cpch-1qfn

summary Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1238

reference_id

reference_type

scores

value	0.00269
scoring_system	epss
scoring_elements	0.50334
published_at	2026-04-01T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.5039
published_at	2026-04-02T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.5042
published_at	2026-04-04T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50372
published_at	2026-04-07T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50425
published_at	2026-04-08T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50419
published_at	2026-04-09T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.5046
published_at	2026-04-11T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50437
published_at	2026-04-12T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50422
published_at	2026-04-13T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50465
published_at	2026-04-16T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50469
published_at	2026-04-18T12:55:00Z

value	0.00269
scoring_system	epss
scoring_elements	0.50445
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1238

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1238

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pt1y-cpch-1qfn

106

url VCID-pu3q-x2ey-zydp

vulnerability_id VCID-pu3q-x2ey-zydp

summary An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48241

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22691
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22793
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22816
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22777
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22721
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22736
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22732
published_at	2026-04-18T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22832
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22876
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22667
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22742
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48241

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088693
reference_id	1088693
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088693

reference_url

https://github.com/radareorg/radare2/issues/23317

reference_id

23317

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/

url

https://github.com/radareorg/radare2/issues/23317

reference_url

https://github.com/radareorg/radare2/pull/23318

reference_id

23318

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/

url

https://github.com/radareorg/radare2/pull/23318

reference_url

https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md

reference_id

CVE-2024-48241.md

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/

url

https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md

fixed_packages

url	pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.8%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2024-48241

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pu3q-x2ey-zydp

107

url VCID-pz9s-ebvf-77c5

vulnerability_id VCID-pz9s-ebvf-77c5

summary The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-10929

reference_id

reference_type

scores

value	0.00369
scoring_system	epss
scoring_elements	0.58687
published_at	2026-04-01T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58761
published_at	2026-04-02T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58783
published_at	2026-04-04T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58751
published_at	2026-04-07T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58803
published_at	2026-04-08T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.5881
published_at	2026-04-12T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58828
published_at	2026-04-18T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58791
published_at	2026-04-13T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58823
published_at	2026-04-16T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.58805
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-10929

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369
reference_id	867369
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369

fixed_packages

url	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-10929

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pz9s-ebvf-77c5

108

url VCID-q9et-b46r-nfhd

vulnerability_id VCID-q9et-b46r-nfhd

summary A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11858

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11617
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11487
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11491
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11698
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11742
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11527
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11613
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11673
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11686
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11649
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11625
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11858

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2329102

reference_id

show_bug.cgi?id=2329102

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-16T16:38:39Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2329102

fixed_packages

url	pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.8%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2024-11858

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9et-b46r-nfhd

109

url VCID-qtjk-bakx-nyar

vulnerability_id VCID-qtjk-bakx-nyar

summary The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15368

reference_id

reference_type

scores

value	0.00237
scoring_system	epss
scoring_elements	0.46815
published_at	2026-04-18T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46818
published_at	2026-04-16T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46699
published_at	2026-04-01T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46738
published_at	2026-04-02T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46758
published_at	2026-04-04T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46706
published_at	2026-04-07T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46761
published_at	2026-04-08T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.4676
published_at	2026-04-09T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46783
published_at	2026-04-11T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46755
published_at	2026-04-12T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.46762
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15368

reference_url	https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515

reference_url	https://github.com/radare/radare2/issues/8673
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8673

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878767
reference_id	878767
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878767

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15368

reference_id

CVE-2017-15368

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15368

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-15368

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtjk-bakx-nyar

110

url VCID-qvdt-rhku-v7cb

vulnerability_id VCID-qvdt-rhku-v7cb

summary The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11376

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11376

reference_url	https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf

reference_url	https://github.com/radare/radare2/issues/9904
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9904

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11376

reference_id

CVE-2018-11376

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11376

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11376

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvdt-rhku-v7cb

111

url VCID-rgst-sefy-mya3

vulnerability_id VCID-rgst-sefy-mya3

summary Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1031

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.51927
published_at	2026-04-01T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51975
published_at	2026-04-02T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52
published_at	2026-04-04T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51966
published_at	2026-04-07T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52021
published_at	2026-04-08T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52019
published_at	2026-04-09T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52071
published_at	2026-04-11T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52053
published_at	2026-04-12T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52037
published_at	2026-04-13T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52077
published_at	2026-04-16T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52083
published_at	2026-04-18T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52064
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1031

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1031

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgst-sefy-mya3

112

url VCID-rwf4-6fjk-cqfp

vulnerability_id VCID-rwf4-6fjk-cqfp

summary opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19843

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37484
published_at	2026-04-01T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37649
published_at	2026-04-02T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37673
published_at	2026-04-04T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37551
published_at	2026-04-07T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37603
published_at	2026-04-08T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37616
published_at	2026-04-09T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.3763
published_at	2026-04-11T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37596
published_at	2026-04-12T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37568
published_at	2026-04-13T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37613
published_at	2026-04-16T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37593
published_at	2026-04-18T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.3753
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19843

fixed_packages

url	pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-19843

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwf4-6fjk-cqfp

113

url VCID-sf7m-amp2-ebde

vulnerability_id VCID-sf7m-amp2-ebde

summary The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11377

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49032
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48984
published_at	2026-04-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49036
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48927
published_at	2026-04-01T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48963
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4899
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48944
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48998
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48994
published_at	2026-04-21T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49011
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11377

reference_url	https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4

reference_url	https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422

reference_url	https://github.com/radare/radare2/issues/9901
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9901

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11377

reference_id

CVE-2018-11377

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11377

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11377

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sf7m-amp2-ebde

114

url VCID-sgqw-g5s2-6ydd

vulnerability_id VCID-sgqw-g5s2-6ydd

summary NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4843

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18729
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1879
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18843
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18849
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18802
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18749
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18699
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18711
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18934
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18987
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1871
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4843

reference_url

https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f

reference_id

075b2760-66a0-4d38-b3b5-e9934956ab7f

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/

url

https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f

reference_url

https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24

reference_id

842f809d4ec6a12af2906f948657281c9ebc8a24

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/

url

https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/

reference_id

FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/

reference_id

OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-4843

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgqw-g5s2-6ydd

115

url VCID-shpa-bmwh-yqb8

vulnerability_id VCID-shpa-bmwh-yqb8

summary In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15834

reference_id

reference_type

scores

value	0.00146
scoring_system	epss
scoring_elements	0.34917
published_at	2026-04-01T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35115
published_at	2026-04-02T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35143
published_at	2026-04-04T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35022
published_at	2026-04-07T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35066
published_at	2026-04-08T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35092
published_at	2026-04-09T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35096
published_at	2026-04-11T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35062
published_at	2026-04-12T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35037
published_at	2026-04-13T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35075
published_at	2026-04-16T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.3506
published_at	2026-04-18T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35014
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15834

fixed_packages

url	pkg:deb/debian/radare2@2.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-15834

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shpa-bmwh-yqb8

116

url VCID-sk4s-yzns-jfbk

vulnerability_id VCID-sk4s-yzns-jfbk

summary Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4398

reference_id

reference_type

scores

value	0.00324
scoring_system	epss
scoring_elements	0.55506
published_at	2026-04-21T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55487
published_at	2026-04-13T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55523
published_at	2026-04-16T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55527
published_at	2026-04-18T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55461
published_at	2026-04-02T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55485
published_at	2026-04-04T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55463
published_at	2026-04-07T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55515
published_at	2026-04-08T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55516
published_at	2026-04-09T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55525
published_at	2026-04-11T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55504
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4398

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027144
reference_id	1027144
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027144

reference_url

https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8

reference_id

b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:50:32Z/

url

https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8

reference_url

https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2

reference_id

c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:50:32Z/

url

https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-4398

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk4s-yzns-jfbk

117

url VCID-sua7-jxfv-tfhe

vulnerability_id VCID-sua7-jxfv-tfhe

summary A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5642

reference_id

reference_type

scores

value	0.0016
scoring_system	epss
scoring_elements	0.36921
published_at	2026-04-11T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36983
published_at	2026-04-02T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.37018
published_at	2026-04-04T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36846
published_at	2026-04-07T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36897
published_at	2026-04-08T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36912
published_at	2026-04-09T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36832
published_at	2026-04-21T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.3689
published_at	2026-04-18T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36906
published_at	2026-04-16T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36861
published_at	2026-04-13T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36886
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5642

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24231

reference_id

24231

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://github.com/radareorg/radare2/issues/24231

reference_url

https://github.com/radareorg/radare2/issues/24231#issuecomment-2918848163

reference_id

24231#issuecomment-2918848163

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://github.com/radareorg/radare2/issues/24231#issuecomment-2918848163

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311130

reference_id

?ctiid.311130

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://vuldb.com/?ctiid.311130

reference_url

https://vuldb.com/?id.311130

reference_id

?id.311130

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://vuldb.com/?id.311130

reference_url

https://vuldb.com/?submit.586910

reference_id

?submit.586910

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://vuldb.com/?submit.586910

reference_url

https://drive.google.com/file/d/1joXpofhKSeb3uJ034ayVuWIoJj08gm_9/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/

url

https://drive.google.com/file/d/1joXpofhKSeb3uJ034ayVuWIoJj08gm_9/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5642

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sua7-jxfv-tfhe

118

url VCID-swsv-3s4g-kbea

vulnerability_id VCID-swsv-3s4g-kbea

summary An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27793

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.60737
published_at	2026-04-01T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.6081
published_at	2026-04-02T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60839
published_at	2026-04-04T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60803
published_at	2026-04-07T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60852
published_at	2026-04-08T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60868
published_at	2026-04-09T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60889
published_at	2026-04-11T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60876
published_at	2026-04-12T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60857
published_at	2026-04-13T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60899
published_at	2026-04-16T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60904
published_at	2026-04-18T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60888
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27793

fixed_packages

url	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2020-27793

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swsv-3s4g-kbea

119

url VCID-tbyx-yrx3-vfag

vulnerability_id VCID-tbyx-yrx3-vfag

summary Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1240

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.46991
published_at	2026-04-01T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47028
published_at	2026-04-02T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47047
published_at	2026-04-04T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.46995
published_at	2026-04-07T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47049
published_at	2026-04-21T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47045
published_at	2026-04-09T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47069
published_at	2026-04-11T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47043
published_at	2026-04-12T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47105
published_at	2026-04-16T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47101
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1240

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1240

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbyx-yrx3-vfag

120

url VCID-tdq4-q57q-ufht

vulnerability_id VCID-tdq4-q57q-ufht

summary Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1714

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32832
published_at	2026-04-21T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35056
published_at	2026-04-02T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35083
published_at	2026-04-04T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34963
published_at	2026-04-07T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35008
published_at	2026-04-08T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35037
published_at	2026-04-09T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34858
published_at	2026-04-01T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35005
published_at	2026-04-12T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34981
published_at	2026-04-13T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35021
published_at	2026-04-16T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35006
published_at	2026-04-18T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.35041
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1714

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1714

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdq4-q57q-ufht

121

url VCID-te26-ushn-aybj

vulnerability_id VCID-te26-ushn-aybj

summary An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26475

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.17776
published_at	2026-04-21T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17729
published_at	2026-04-16T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17738
published_at	2026-04-18T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17959
published_at	2026-04-02T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18013
published_at	2026-04-04T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17713
published_at	2026-04-07T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.178
published_at	2026-04-08T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17861
published_at	2026-04-09T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17877
published_at	2026-04-11T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17833
published_at	2026-04-12T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17785
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26475

reference_url

https://github.com/TronciuVlad/CVE-2024-26475

reference_id

CVE-2024-26475

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T16:01:17Z/

url

https://github.com/TronciuVlad/CVE-2024-26475

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2024-26475

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-te26-ushn-aybj

122

url VCID-tqf6-xzpu-37d9

vulnerability_id VCID-tqf6-xzpu-37d9

summary Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1451

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.5095
published_at	2026-04-01T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51003
published_at	2026-04-02T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51028
published_at	2026-04-04T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.50985
published_at	2026-04-07T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51042
published_at	2026-04-08T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51039
published_at	2026-04-09T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51082
published_at	2026-04-11T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.5106
published_at	2026-04-12T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51043
published_at	2026-04-13T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51081
published_at	2026-04-16T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51087
published_at	2026-04-18T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51064
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1451

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1451

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqf6-xzpu-37d9

123

url VCID-tww2-m12z-sbbv

vulnerability_id VCID-tww2-m12z-sbbv

summary In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20458

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39481
published_at	2026-04-21T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39565
published_at	2026-04-18T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3943
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39579
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39602
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39518
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39573
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39589
published_at	2026-04-09T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39599
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39561
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39545
published_at	2026-04-13T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39595
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20458

reference_url	https://github.com/radareorg/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19

reference_url	https://github.com/radare/radare2/issues/12374
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12374

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20458

reference_id

CVE-2018-20458

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20458

fixed_packages

url	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20458

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tww2-m12z-sbbv

124

url VCID-uxqx-tssw-jqfz

vulnerability_id VCID-uxqx-tssw-jqfz

summary In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8809

reference_id

reference_type

scores

value	0.0013
scoring_system	epss
scoring_elements	0.3249
published_at	2026-04-01T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32635
published_at	2026-04-02T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.3267
published_at	2026-04-04T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32493
published_at	2026-04-07T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.3254
published_at	2026-04-08T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32565
published_at	2026-04-09T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32568
published_at	2026-04-11T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32531
published_at	2026-04-12T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32503
published_at	2026-04-13T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32538
published_at	2026-04-16T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32516
published_at	2026-04-18T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32484
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8809

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895751
reference_id	895751
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895751

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-8809

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxqx-tssw-jqfz

125

url VCID-uzg5-a999-afhp

vulnerability_id VCID-uzg5-a999-afhp

summary security update

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2305

reference_id

reference_type

scores

value	0.28664
scoring_system	epss
scoring_elements	0.96506
published_at	2026-04-01T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96515
published_at	2026-04-02T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.9652
published_at	2026-04-04T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96524
published_at	2026-04-07T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96532
published_at	2026-04-08T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96534
published_at	2026-04-09T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96537
published_at	2026-04-12T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.9654
published_at	2026-04-13T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96546
published_at	2026-04-16T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96552
published_at	2026-04-18T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96555
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2305

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191049
reference_id	1191049
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191049

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397
reference_id	778397
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402
reference_id	778402
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406
reference_id	778406
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408
reference_id	778408
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409
reference_id	778409
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412
reference_id	778412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412

reference_url	https://access.redhat.com/errata/RHSA-2015:1053
reference_id	RHSA-2015:1053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1053

reference_url	https://access.redhat.com/errata/RHSA-2015:1066
reference_id	RHSA-2015:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1066

reference_url	https://usn.ubuntu.com/2572-1/
reference_id	USN-2572-1
reference_type
scores
url	https://usn.ubuntu.com/2572-1/

reference_url	https://usn.ubuntu.com/2594-1/
reference_id	USN-2594-1
reference_type
scores
url	https://usn.ubuntu.com/2594-1/

fixed_packages

url	pkg:deb/debian/radare2@0.10.5%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@0.10.5%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0.10.5%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2015-2305

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzg5-a999-afhp

126

url VCID-v386-f2n9-8ya1

vulnerability_id VCID-v386-f2n9-8ya1

summary The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6319

reference_id

reference_type

scores

value	0.00292
scoring_system	epss
scoring_elements	0.52456
published_at	2026-04-01T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52502
published_at	2026-04-02T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52528
published_at	2026-04-04T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52495
published_at	2026-04-07T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52548
published_at	2026-04-08T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52542
published_at	2026-04-09T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52593
published_at	2026-04-11T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52577
published_at	2026-04-12T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52562
published_at	2026-04-13T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52602
published_at	2026-04-16T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52609
published_at	2026-04-18T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52594
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6319

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856579
reference_id	856579
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856579

fixed_packages

url	pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid
purl	pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-6319

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v386-f2n9-8ya1

127

url VCID-v71n-cp33-7uc9

vulnerability_id VCID-v71n-cp33-7uc9

summary NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0712

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62123
published_at	2026-04-01T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62184
published_at	2026-04-02T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62215
published_at	2026-04-04T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62182
published_at	2026-04-07T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62232
published_at	2026-04-08T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62249
published_at	2026-04-09T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62267
published_at	2026-04-11T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62257
published_at	2026-04-12T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62235
published_at	2026-04-13T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6228
published_at	2026-04-16T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62287
published_at	2026-04-18T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62272
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0712

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0712

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v71n-cp33-7uc9

128

url VCID-v7dw-jebk-xybc

vulnerability_id VCID-v7dw-jebk-xybc

summary A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5645

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35253
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35153
published_at	2026-04-21T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35201
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35215
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35176
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.352
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35232
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35206
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35162
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35281
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5645

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24234

reference_id

24234

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://github.com/radareorg/radare2/issues/24234

reference_url

https://github.com/radareorg/radare2/issues/24234#issuecomment-2918847551

reference_id

24234#issuecomment-2918847551

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://github.com/radareorg/radare2/issues/24234#issuecomment-2918847551

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311133

reference_id

?ctiid.311133

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://vuldb.com/?ctiid.311133

reference_url

https://vuldb.com/?id.311133

reference_id

?id.311133

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://vuldb.com/?id.311133

reference_url

https://vuldb.com/?submit.586922

reference_id

?submit.586922

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://vuldb.com/?submit.586922

reference_url

https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/

url

https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing

fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-5645

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7dw-jebk-xybc

129

url VCID-v86n-wjus-g7h5

vulnerability_id VCID-v86n-wjus-g7h5

summary radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27114

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22439
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22477
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22492
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22489
published_at	2026-04-18T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22589
published_at	2026-04-02T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22631
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22418
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.225
published_at	2026-04-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22554
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22572
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27114

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032667
reference_id	1032667
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032667

reference_url

https://github.com/radareorg/radare2/issues/21363

reference_id

21363

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:14:47Z/

url

https://github.com/radareorg/radare2/issues/21363

reference_url

https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509

reference_id

a15067a8eaa836bcc24b0882712c14d1baa66509

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:14:47Z/

url

https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-27114

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v86n-wjus-g7h5

130

url VCID-vemn-pw8w-y3dq

vulnerability_id VCID-vemn-pw8w-y3dq

summary The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11384

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48046
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4809
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47976
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48014
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48034
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47984
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48037
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48031
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48055
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48043
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11384

reference_url	https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add

reference_url	https://github.com/radare/radare2/issues/9903
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/9903

reference_url	https://security.archlinux.org/ASA-201806-2
reference_id	ASA-201806-2
reference_type
scores
url	https://security.archlinux.org/ASA-201806-2

reference_url

https://security.archlinux.org/AVG-709

reference_id

AVG-709

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-709

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11384

reference_id

CVE-2018-11384

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11384

fixed_packages

url	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-11384

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vemn-pw8w-y3dq

131

url VCID-vfpa-egy5-xfad

vulnerability_id VCID-vfpa-egy5-xfad

summary The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14015

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.4538
published_at	2026-04-21T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45292
published_at	2026-04-01T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45372
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45336
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45391
published_at	2026-04-08T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45413
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45383
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45435
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14015

reference_url	https://github.com/radareorg/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3
reference_id
reference_type
scores
url	https://github.com/radareorg/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3

reference_url	https://github.com/radare/radare2/issues/10465
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/10465

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903724
reference_id	903724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14015

reference_id

CVE-2018-14015

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14015

fixed_packages

url	pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-14015

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfpa-egy5-xfad

132

url VCID-w45p-1p1t-tkav

vulnerability_id VCID-w45p-1p1t-tkav

summary Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34520

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32799
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32835
published_at	2026-04-04T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32656
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32704
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.3273
published_at	2026-04-09T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32731
published_at	2026-04-11T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32695
published_at	2026-04-12T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32667
published_at	2026-04-13T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32706
published_at	2026-04-16T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32683
published_at	2026-04-18T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32653
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34520

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979
reference_id	1016979
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-34520

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w45p-1p1t-tkav

133

url VCID-w5bc-f4gs-aqa6

vulnerability_id VCID-w5bc-f4gs-aqa6

summary Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1237

reference_id

reference_type

scores

value	0.00258
scoring_system	epss
scoring_elements	0.49093
published_at	2026-04-01T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49126
published_at	2026-04-02T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49156
published_at	2026-04-13T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49108
published_at	2026-04-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49162
published_at	2026-04-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49159
published_at	2026-04-09T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49176
published_at	2026-04-11T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4915
published_at	2026-04-12T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49202
published_at	2026-04-16T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.492
published_at	2026-04-18T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49169
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1237

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1237

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5bc-f4gs-aqa6

134

url VCID-wbqn-8k7x-bbc6

vulnerability_id VCID-wbqn-8k7x-bbc6

summary The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9761

reference_id

reference_type

scores

value	0.00227
scoring_system	epss
scoring_elements	0.45404
published_at	2026-04-01T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45478
published_at	2026-04-02T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.455
published_at	2026-04-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45445
published_at	2026-04-07T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45499
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4552
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4549
published_at	2026-04-12T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45495
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45543
published_at	2026-04-16T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45539
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45489
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9761

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869428
reference_id	869428
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869428

fixed_packages

url	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-9761

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbqn-8k7x-bbc6

135

url VCID-wgf3-z9qx-y7gc

vulnerability_id VCID-wgf3-z9qx-y7gc

summary In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20456

reference_id

reference_type

scores

value	0.0018
scoring_system	epss
scoring_elements	0.39623
published_at	2026-04-21T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39707
published_at	2026-04-18T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3957
published_at	2026-04-01T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39719
published_at	2026-04-02T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39741
published_at	2026-04-04T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3966
published_at	2026-04-07T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39714
published_at	2026-04-08T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39728
published_at	2026-04-09T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39738
published_at	2026-04-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39702
published_at	2026-04-12T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39686
published_at	2026-04-13T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39735
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20456

reference_url	https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185

reference_url	https://github.com/radare/radare2/issues/12372
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/12372

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::
reference_id	cpe:2.3:a:radare:radare2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20456

reference_id

CVE-2018-20456

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20456

fixed_packages

url	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2018-20456

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgf3-z9qx-y7gc

136

url VCID-wkg7-9vfg-rbgc

vulnerability_id VCID-wkg7-9vfg-rbgc

summary radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-47016

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39402
published_at	2026-04-21T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39519
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3948
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39463
published_at	2026-04-13T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39514
published_at	2026-04-16T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39486
published_at	2026-04-18T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39499
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39522
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39437
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39492
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39508
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-47016

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056930
reference_id	1056930
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056930

reference_url

https://github.com/radareorg/radare2/issues/22349

reference_id

22349

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/

url

https://github.com/radareorg/radare2/issues/22349

reference_url

https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd

reference_id

40c9f50e127be80b9d816bce2ab2ee790831aefd

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/

url

https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd

reference_url

https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa

reference_id

65705be4f84269cb7cd725a1d4ab2ffa

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/

url

https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2023-47016

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkg7-9vfg-rbgc

137

url VCID-wqu2-yhcs-tqgh

vulnerability_id VCID-wqu2-yhcs-tqgh

summary In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15932

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.4284
published_at	2026-04-21T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42902
published_at	2026-04-18T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42784
published_at	2026-04-01T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42854
published_at	2026-04-13T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42881
published_at	2026-04-04T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42821
published_at	2026-04-07T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42871
published_at	2026-04-12T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42884
published_at	2026-04-09T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42906
published_at	2026-04-11T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42914
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15932

reference_url	https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9

reference_url	https://github.com/radare/radare2/issues/8743
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8743

reference_url	http://www.securityfocus.com/bid/101614
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101614

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880024
reference_id	880024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880024

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15932

reference_id

CVE-2017-15932

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15932

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-15932

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqu2-yhcs-tqgh

138

url VCID-wtnj-8rc9-tuaj

vulnerability_id VCID-wtnj-8rc9-tuaj

summary In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15121

reference_id

reference_type

scores

value	0.00593
scoring_system	epss
scoring_elements	0.69188
published_at	2026-04-01T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69204
published_at	2026-04-02T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69225
published_at	2026-04-04T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69207
published_at	2026-04-07T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69257
published_at	2026-04-08T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69275
published_at	2026-04-09T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69297
published_at	2026-04-11T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69282
published_at	2026-04-12T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69254
published_at	2026-04-13T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69292
published_at	2026-04-16T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69301
published_at	2026-04-18T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69281
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15121

fixed_packages

url	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2020-15121

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtnj-8rc9-tuaj

139

url VCID-wxqc-aaxn-3ud4

vulnerability_id VCID-wxqc-aaxn-3ud4

summary In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32613

reference_id

reference_type

scores

value	0.00336
scoring_system	epss
scoring_elements	0.56453
published_at	2026-04-21T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.5632
published_at	2026-04-01T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56422
published_at	2026-04-02T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56444
published_at	2026-04-04T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56426
published_at	2026-04-07T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56477
published_at	2026-04-08T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56482
published_at	2026-04-09T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56493
published_at	2026-04-11T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56468
published_at	2026-04-12T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56449
published_at	2026-04-13T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56481
published_at	2026-04-16T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56483
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32613

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067
reference_id	989067
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067

reference_url	https://security.archlinux.org/ASA-202106-40
reference_id	ASA-202106-40
reference_type
scores
url	https://security.archlinux.org/ASA-202106-40

reference_url

https://security.archlinux.org/AVG-1950

reference_id

AVG-1950

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1950

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-32613

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxqc-aaxn-3ud4

140

url VCID-wxu7-ngjj-jbac

vulnerability_id VCID-wxu7-ngjj-jbac

summary A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-63744

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09338
published_at	2026-04-21T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09187
published_at	2026-04-18T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09188
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09297
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09757
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1902
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18967
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18743
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18823
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18875
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18881
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-63744

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120792
reference_id	1120792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120792

reference_url

https://github.com/radareorg/radare2/issues/24661

reference_id

24661

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/

url

https://github.com/radareorg/radare2/issues/24661

reference_url

https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79

reference_id

e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/

url

https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79

reference_url

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md

reference_id

MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/

url

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md

reference_url

https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md

reference_id

radare2-nullptr-deref-bin_dyldcache.md

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/

url

https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md

fixed_packages

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2025-63744

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxu7-ngjj-jbac

141

url VCID-x1ew-h8tp-67c2

vulnerability_id VCID-x1ew-h8tp-67c2

summary Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1899

reference_id

reference_type

scores

value	0.00454
scoring_system	epss
scoring_elements	0.6371
published_at	2026-04-01T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63771
published_at	2026-04-02T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63798
published_at	2026-04-04T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63754
published_at	2026-04-07T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63806
published_at	2026-04-08T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63823
published_at	2026-04-09T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63836
published_at	2026-04-11T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63822
published_at	2026-04-12T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63789
published_at	2026-04-13T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63824
published_at	2026-04-16T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63833
published_at	2026-04-18T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63821
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1899

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1899

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ew-h8tp-67c2

142

url VCID-x9x1-xeec-z7ej

vulnerability_id VCID-x9x1-xeec-z7ej

summary In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15931

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.4284
published_at	2026-04-21T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42902
published_at	2026-04-18T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42784
published_at	2026-04-01T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42854
published_at	2026-04-13T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42881
published_at	2026-04-04T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42821
published_at	2026-04-07T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42871
published_at	2026-04-12T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42884
published_at	2026-04-09T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42906
published_at	2026-04-11T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42914
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15931

reference_url	https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd

reference_url	https://github.com/radare/radare2/issues/8731
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/8731

reference_url	http://www.securityfocus.com/bid/101609
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101609

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025
reference_id	880025
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_id	cpe:2.3:a:radare:radare2:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15931

reference_id

CVE-2017-15931

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15931

fixed_packages

url	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-15931

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9x1-xeec-z7ej

143

url VCID-xgjj-4vb7-uubp

vulnerability_id VCID-xgjj-4vb7-uubp

summary Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34502

reference_id

reference_type

scores

value	0.00142
scoring_system	epss
scoring_elements	0.34539
published_at	2026-04-02T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34567
published_at	2026-04-04T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34434
published_at	2026-04-07T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34477
published_at	2026-04-08T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34506
published_at	2026-04-09T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34507
published_at	2026-04-11T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34468
published_at	2026-04-12T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34444
published_at	2026-04-13T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.3448
published_at	2026-04-16T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34465
published_at	2026-04-18T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.34425
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34502

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979
reference_id	1016979
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-34502

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgjj-4vb7-uubp

144

url VCID-xuw5-8svs-p3a7

vulnerability_id VCID-xuw5-8svs-p3a7

summary A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28069

reference_id

reference_type

scores

value	0.00135
scoring_system	epss
scoring_elements	0.33138
published_at	2026-04-21T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33175
published_at	2026-04-18T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33276
published_at	2026-04-02T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33309
published_at	2026-04-04T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33142
published_at	2026-04-07T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33185
published_at	2026-04-08T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33218
published_at	2026-04-09T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.3322
published_at	2026-04-11T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33181
published_at	2026-04-12T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33157
published_at	2026-04-13T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33197
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28069

reference_url

https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a

reference_id

49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:21:58Z/

url

https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-28069

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xuw5-8svs-p3a7

145

url VCID-xype-sjmg-s3gz

vulnerability_id VCID-xype-sjmg-s3gz

summary In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14745

reference_id

reference_type

scores

value	0.07084
scoring_system	epss
scoring_elements	0.91476
published_at	2026-04-01T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91482
published_at	2026-04-02T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91489
published_at	2026-04-04T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91497
published_at	2026-04-07T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.9151
published_at	2026-04-08T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91516
published_at	2026-04-09T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91522
published_at	2026-04-11T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91523
published_at	2026-04-12T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91521
published_at	2026-04-13T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91543
published_at	2026-04-16T12:55:00Z

value	0.07084
scoring_system	epss
scoring_elements	0.91538
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14745

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204
reference_id	934204
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204

fixed_packages

url	pkg:deb/debian/radare2@3.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@3.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2019-14745

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xype-sjmg-s3gz

146

url VCID-y9b9-yzvm-e3df

vulnerability_id VCID-y9b9-yzvm-e3df

summary Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1383

reference_id

reference_type

scores

value	0.00242
scoring_system	epss
scoring_elements	0.47401
published_at	2026-04-01T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47435
published_at	2026-04-02T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47456
published_at	2026-04-04T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47406
published_at	2026-04-07T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.4746
published_at	2026-04-08T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47457
published_at	2026-04-09T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.4748
published_at	2026-04-11T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47455
published_at	2026-04-12T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47462
published_at	2026-04-13T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47521
published_at	2026-04-16T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47513
published_at	2026-04-18T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47466
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1383

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1383

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9b9-yzvm-e3df

147

url VCID-yhm8-zjrk-ykh3

vulnerability_id VCID-yhm8-zjrk-ykh3

summary A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27794

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.60737
published_at	2026-04-01T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.6081
published_at	2026-04-02T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60839
published_at	2026-04-04T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60803
published_at	2026-04-07T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60852
published_at	2026-04-08T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60868
published_at	2026-04-09T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60889
published_at	2026-04-11T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60876
published_at	2026-04-12T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60857
published_at	2026-04-13T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60899
published_at	2026-04-16T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60904
published_at	2026-04-18T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60888
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27794

fixed_packages

url	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2020-27794

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yhm8-zjrk-ykh3

148

url VCID-yjkb-tsqy-uqa5

vulnerability_id VCID-yjkb-tsqy-uqa5

summary The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7274

reference_id

reference_type

scores

value	0.00227
scoring_system	epss
scoring_elements	0.45489
published_at	2026-04-21T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45539
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45404
published_at	2026-04-01T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45478
published_at	2026-04-02T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.455
published_at	2026-04-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45445
published_at	2026-04-07T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45499
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4552
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4549
published_at	2026-04-12T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45495
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45543
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7274

reference_url	https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
reference_id
reference_type
scores
url	https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf

reference_url	https://github.com/radare/radare2/issues/7152
reference_id
reference_type
scores
url	https://github.com/radare/radare2/issues/7152

reference_url	http://www.securityfocus.com/bid/97181
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97181

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_id	cpe:2.3:a:radare:radare2:1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7274

reference_id

CVE-2017-7274

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7274

fixed_packages

url	pkg:deb/debian/radare2@0?distro=sid
purl	pkg:deb/debian/radare2@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2017-7274

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjkb-tsqy-uqa5

149

url VCID-ynz2-8u9q-2yba

vulnerability_id VCID-ynz2-8u9q-2yba

summary Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0523

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.4724
published_at	2026-04-01T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47277
published_at	2026-04-02T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47296
published_at	2026-04-04T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47243
published_at	2026-04-07T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47298
published_at	2026-04-08T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47294
published_at	2026-04-09T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47318
published_at	2026-04-11T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47293
published_at	2026-04-12T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.473
published_at	2026-04-13T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47358
published_at	2026-04-16T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47353
published_at	2026-04-18T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47303
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0523

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0523

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynz2-8u9q-2yba

150

url VCID-yuwd-fh9w-5bc3

vulnerability_id VCID-yuwd-fh9w-5bc3

summary Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32495

reference_id

reference_type

scores

value	0.00296
scoring_system	epss
scoring_elements	0.52947
published_at	2026-04-21T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52862
published_at	2026-04-02T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52919
published_at	2026-04-13T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52956
published_at	2026-04-16T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52964
published_at	2026-04-18T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52835
published_at	2026-04-01T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52888
published_at	2026-04-04T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52856
published_at	2026-04-07T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52907
published_at	2026-04-08T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52901
published_at	2026-04-09T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52951
published_at	2026-04-11T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52936
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32495

reference_url

https://github.com/radareorg/radare2/issues/18666

reference_id

18666

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/

url

https://github.com/radareorg/radare2/issues/18666

reference_url

https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05

reference_id

5e16e2d1c9fe245e4c17005d779fde91ec0b9c05

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/

url

https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05

fixed_packages

url	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2021-32495

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwd-fh9w-5bc3

151

url VCID-yycm-mx2c-tkae

vulnerability_id VCID-yycm-mx2c-tkae

summary Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1809

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50647
published_at	2026-04-01T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.507
published_at	2026-04-02T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50726
published_at	2026-04-04T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50682
published_at	2026-04-07T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50737
published_at	2026-04-13T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50734
published_at	2026-04-09T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50776
published_at	2026-04-11T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50752
published_at	2026-04-12T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50777
published_at	2026-04-16T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50783
published_at	2026-04-18T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50763
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1809

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1809

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yycm-mx2c-tkae

152

url VCID-z1c6-6naw-byeg

vulnerability_id VCID-z1c6-6naw-byeg

summary Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1452

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.5095
published_at	2026-04-01T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51003
published_at	2026-04-02T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51028
published_at	2026-04-04T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.50985
published_at	2026-04-07T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51042
published_at	2026-04-08T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51039
published_at	2026-04-09T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51082
published_at	2026-04-11T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.5106
published_at	2026-04-12T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51043
published_at	2026-04-13T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51081
published_at	2026-04-16T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51087
published_at	2026-04-18T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51064
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1452

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-1452

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1c6-6naw-byeg

153

url VCID-zec6-qhn1-4qh2

vulnerability_id VCID-zec6-qhn1-4qh2

summary Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0476

reference_id

reference_type

scores

value	0.00225
scoring_system	epss
scoring_elements	0.45129
published_at	2026-04-01T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.4521
published_at	2026-04-02T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45233
published_at	2026-04-04T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45175
published_at	2026-04-07T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.4523
published_at	2026-04-08T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45229
published_at	2026-04-09T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.4525
published_at	2026-04-11T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45218
published_at	2026-04-12T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.4522
published_at	2026-04-13T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45271
published_at	2026-04-16T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45265
published_at	2026-04-18T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45217
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0476

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478
reference_id	1014478
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478

fixed_packages

url	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

aliases CVE-2022-0476

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zec6-qhn1-4qh2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

Package Instance