Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2y64-np9y-zyfz

Summary A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Aliases

alias	CVE-2025-5648

Fixed_packages

url	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid

url	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
purl	pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5648

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35232
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35253
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35281
published_at	2026-04-04T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35162
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35206
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.34918
published_at	2026-04-24T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35153
published_at	2026-04-21T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35201
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35215
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35176
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.352
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5648

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316
reference_id	1107316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316

reference_url

https://github.com/radareorg/radare2/issues/24238

reference_id

24238

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://github.com/radareorg/radare2/issues/24238

reference_url

https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876

reference_id

24238#issuecomment-2918850876

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876

reference_url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_id

5705d99cc1f23f36f9a84aab26d1724010b97798

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

reference_url

https://vuldb.com/?ctiid.311136

reference_id

?ctiid.311136

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://vuldb.com/?ctiid.311136

reference_url

https://vuldb.com/?id.311136

reference_id

?id.311136

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://vuldb.com/?id.311136

reference_url

https://vuldb.com/?submit.586929

reference_id

?submit.586929

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://vuldb.com/?submit.586929

reference_url

https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	1
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:N/I:N/A:P

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/

url

https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Exploits

Severity_range_score 1.0 - 2.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2y64-np9y-zyfz

Vulnerability Instance