Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (8)
| Vulnerability |
Summary |
Aliases |
|
VCID-3r1r-24qj-zyef
|
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.
|
CVE-2019-16718
|
|
VCID-54v3-r36b-pqbt
|
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
|
CVE-2018-11382
|
|
VCID-56w7-1t75-ckc9
|
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
|
CVE-2017-7854
|
|
VCID-a4us-jxhs-nfgh
|
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
|
CVE-2018-11375
|
|
VCID-j79s-4ev5-jucd
|
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
|
CVE-2017-7716
|
|
VCID-m715-ppbg-xya5
|
|
CVE-2026-41015
|
|
VCID-sgqw-g5s2-6ydd
|
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
|
CVE-2022-4843
|
|
VCID-yjkb-tsqy-uqa5
|
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
|
CVE-2017-7274
|