{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","type":"deb","namespace":"debian","name":"radare2","version":"6.0.7+ds-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172501?format=json","vulnerability_id":"VCID-12eh-yc81-afaa","summary":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6415","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45833","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45879","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45904","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45927","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45956","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45951","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45896","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45845","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45856","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45798","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45697","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45759","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45778","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6415"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572","reference_id":"856572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937419?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-6415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12eh-yc81-afaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267321?format=json","vulnerability_id":"VCID-1h97-tkwz-8kfr","summary":"A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". An additional warning regarding threading support has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5641","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35592","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5641"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24230","reference_id":"24230","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://github.com/radareorg/radare2/issues/24230"},{"reference_url":"https://github.com/radareorg/radare2/issues/24230#issuecomment-2919612676","reference_id":"24230#issuecomment-2919612676","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://github.com/radareorg/radare2/issues/24230#issuecomment-2919612676"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311129","reference_id":"?ctiid.311129","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://vuldb.com/?ctiid.311129"},{"reference_url":"https://vuldb.com/?id.311129","reference_id":"?id.311129","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://vuldb.com/?id.311129"},{"reference_url":"https://vuldb.com/?submit.586909","reference_id":"?submit.586909","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://vuldb.com/?submit.586909"},{"reference_url":"https://drive.google.com/file/d/1oG5IC7qhL_SJsIHpnWp7MZlWJGYt8qWZ/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:16:24Z/"}],"url":"https://drive.google.com/file/d/1oG5IC7qhL_SJsIHpnWp7MZlWJGYt8qWZ/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5641"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1h97-tkwz-8kfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264800?format=json","vulnerability_id":"VCID-1jmy-vuq8-8ufa","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0713","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5687","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56966","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57017","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57029","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57008","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57014","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57011","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56987","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5694","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56924","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56877","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56923","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56984","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0713"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jmy-vuq8-8ufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182286?format=json","vulnerability_id":"VCID-1peb-3y84-tfft","summary":"In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20460","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40757","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4074","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40998","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41079","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41086","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41061","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41104","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41075","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41001","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40906","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40893","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4081","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40667","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20460"},{"reference_url":"https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf"},{"reference_url":"https://github.com/radare/radare2/issues/12376","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12376"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20460","reference_id":"CVE-2018-20460","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937427?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20460"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1peb-3y84-tfft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176882?format=json","vulnerability_id":"VCID-1pp7-8yu7-8kfy","summary":"There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12322","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33417","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33376","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33674","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.34018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.34049","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33946","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33977","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33934","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33948","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33933","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33901","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33526","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33505","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3342","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33309","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12322"},{"reference_url":"https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017"},{"reference_url":"https://github.com/radare/radare2/issues/10294","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10294"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628","reference_id":"901628","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12322","reference_id":"CVE-2018-12322","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12322"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937423?format=json","purl":"pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-12322"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pp7-8yu7-8kfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174419?format=json","vulnerability_id":"VCID-27ek-n7rv-1fdw","summary":"The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9762","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42314","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42387","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42417","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42413","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4237","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42419","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42322","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42256","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42169","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42024","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42099","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42115","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869426","reference_id":"869426","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937415?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-9762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27ek-n7rv-1fdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172516?format=json","vulnerability_id":"VCID-2c7v-zpy1-vba9","summary":"The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6448","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48008","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47986","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48024","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48045","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47994","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48057","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48038","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4805","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47998","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47917","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6448"},{"reference_url":"https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257"},{"reference_url":"https://github.com/radare/radare2/issues/6885","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/6885"},{"reference_url":"http://www.securityfocus.com/bid/97313","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97313"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859447","reference_id":"859447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859447"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6448","reference_id":"CVE-2017-6448","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6448"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937417?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-6448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2c7v-zpy1-vba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176321?format=json","vulnerability_id":"VCID-2gc7-kn57-b3ak","summary":"The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11378","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41993","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41978","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42181","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42239","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42268","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42261","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42291","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42254","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42226","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42277","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42128","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42045","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11378"},{"reference_url":"https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7"},{"reference_url":"https://github.com/radare/radare2/issues/9969","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9969"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11378","reference_id":"CVE-2018-11378","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11378"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11378"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gc7-kn57-b3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/271993?format=json","vulnerability_id":"VCID-2hsg-v6h9-e7er","summary":"A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28071","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26475","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26834","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2666","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26778","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26782","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26681","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2669","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26621","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26484","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26349","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26419","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28071"},{"reference_url":"https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5","reference_id":"65448811e5b9582a19cf631e03cfcaa025a92ef5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:37Z/"}],"url":"https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-28071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsg-v6h9-e7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182281?format=json","vulnerability_id":"VCID-2m2p-3v1v-3ueq","summary":"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20455","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38983","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38966","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39249","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39416","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39354","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3941","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39437","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39398","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3938","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39315","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39119","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39101","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38894","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20455"},{"reference_url":"https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185"},{"reference_url":"https://github.com/radare/radare2/issues/12373","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12373"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20455","reference_id":"CVE-2018-20455","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937427?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20455"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m2p-3v1v-3ueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97804?format=json","vulnerability_id":"VCID-2r7v-s8mc-e7gr","summary":"radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60360","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04998","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04779","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04825","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0477","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04723","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04912","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04951","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0495","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60360"},{"reference_url":"https://github.com/radareorg/radare2/pull/24245","reference_id":"24245","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:31:14Z/"}],"url":"https://github.com/radareorg/radare2/pull/24245"},{"reference_url":"https://usn.ubuntu.com/7915-1/","reference_id":"USN-7915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-60360"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7v-s8mc-e7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174535?format=json","vulnerability_id":"VCID-2u2h-ryzx-wker","summary":"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9949","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56526","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56623","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56644","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56674","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56688","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56672","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56581","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56582","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56537","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56646","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068","reference_id":"866068","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937415?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-9949"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u2h-ryzx-wker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334548?format=json","vulnerability_id":"VCID-2y64-np9y-zyfz","summary":"A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5648","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34683","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35235","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24238","reference_id":"24238","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/24238"},{"reference_url":"https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876","reference_id":"24238#issuecomment-2918850876","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/24238#issuecomment-2918850876"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311136","reference_id":"?ctiid.311136","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://vuldb.com/?ctiid.311136"},{"reference_url":"https://vuldb.com/?id.311136","reference_id":"?id.311136","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://vuldb.com/?id.311136"},{"reference_url":"https://vuldb.com/?submit.586929","reference_id":"?submit.586929","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://vuldb.com/?submit.586929"},{"reference_url":"https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:18:20Z/"}],"url":"https://drive.google.com/file/d/1StQvpouGzMCOGmF3b5q_NxAJiZwivnjp/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5648"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2y64-np9y-zyfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97803?format=json","vulnerability_id":"VCID-378y-5cww-y7eb","summary":"radare2 v5.9.8 and before contains a memory leak in the function bochs_open.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60361","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05134","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05086","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04832","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04875","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04929","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04893","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04822","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04976","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05007","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05037","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60361"},{"reference_url":"https://github.com/radareorg/radare2/pull/24312","reference_id":"24312","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:45:38Z/"}],"url":"https://github.com/radareorg/radare2/pull/24312"},{"reference_url":"https://usn.ubuntu.com/7915-1/","reference_id":"USN-7915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-60361"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-378y-5cww-y7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/194183?format=json","vulnerability_id":"VCID-3px7-6e74-cqfe","summary":"In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12865","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54487","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54388","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5443","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54474","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54443","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54484","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54502","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54505","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54482","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55654","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55542","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704","reference_id":"930704","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930704"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937429?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-12865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3px7-6e74-cqfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197484?format=json","vulnerability_id":"VCID-3r1r-24qj-zyef","summary":"In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16718","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80139","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79959","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79977","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80034","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.8001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80038","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80039","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80067","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80072","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80087","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80101","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16718"},{"reference_url":"https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af"},{"reference_url":"https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7"},{"reference_url":"https://github.com/radareorg/radare2/compare/3.8.0...3.9.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/compare/3.8.0...3.9.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16718","reference_id":"CVE-2019-16718","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-16718"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r1r-24qj-zyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/194115?format=json","vulnerability_id":"VCID-3wjf-z8kn-23g1","summary":"In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12790","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65035","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65085","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65125","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65157","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6512","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65156","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65149","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65179","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65178","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65159","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65206","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65251","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344","reference_id":"930344","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937429?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-12790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3wjf-z8kn-23g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168335?format=json","vulnerability_id":"VCID-41wv-efp7-23cn","summary":"In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16357","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43796","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43778","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43991","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43944","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43995","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43998","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4398","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43965","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44026","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44017","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43953","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43908","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43823","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43703","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16357"},{"reference_url":"https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a"},{"reference_url":"https://github.com/radare/radare2/issues/8742","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8742"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880620","reference_id":"880620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880620"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16357","reference_id":"CVE-2017-16357","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16357"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-16357"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41wv-efp7-23cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84248?format=json","vulnerability_id":"VCID-428v-jh9w-g3g6","summary":"grub2: Stack exhaustion in grub_ext2_read_block","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9763","reference_id":"","reference_type":"","scores":[{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80262","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80225","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80127","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80133","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80152","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80158","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80159","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80162","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80197","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80211","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:C"},{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463361","reference_id":"1463361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423","reference_id":"869423","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937415?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-9763"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-428v-jh9w-g3g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172391?format=json","vulnerability_id":"VCID-4b1u-hdsa-zfb9","summary":"The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6197","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51384","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51435","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51461","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51421","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51475","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51473","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51524","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51511","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51464","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51471","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51432","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51376","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51425","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5147","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063","reference_id":"856063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937418?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-6197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4b1u-hdsa-zfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173279?format=json","vulnerability_id":"VCID-4vtd-8wb9-mqg9","summary":"The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7946","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42913","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42894","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43138","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43076","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43129","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43142","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43163","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4313","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43115","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43175","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43165","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43033","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43035","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42953","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.42817","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7946"},{"reference_url":"https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92"},{"reference_url":"https://github.com/radare/radare2/issues/7301","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7301"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860962","reference_id":"860962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860962"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7946","reference_id":"CVE-2017-7946","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7946"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937421?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7946"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vtd-8wb9-mqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176325?format=json","vulnerability_id":"VCID-54v3-r36b-pqbt","summary":"The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11382","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45957","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45874","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45986","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46037","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46063","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46118","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46025","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45975","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11382"},{"reference_url":"https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff"},{"reference_url":"https://github.com/radare/radare2/issues/10091","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10091"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11382","reference_id":"CVE-2018-11382","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11382"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11382"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54v3-r36b-pqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173226?format=json","vulnerability_id":"VCID-56w7-1t75-ckc9","summary":"The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7854","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4893","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48902","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48901","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48938","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48964","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48918","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48972","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48969","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48986","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4896","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49013","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4901","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48971","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48959","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48968","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48839","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7854"},{"reference_url":"https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4"},{"reference_url":"https://github.com/radare/radare2/issues/7265","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7265"},{"reference_url":"http://www.securityfocus.com/bid/97648","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97648"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7854","reference_id":"CVE-2017-7854","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7854"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56w7-1t75-ckc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172478?format=json","vulnerability_id":"VCID-5hrv-qq76-mbcd","summary":"The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6387","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46259","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46225","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46281","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46282","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46305","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46277","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46343","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46339","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46284","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46276","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46221","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46126","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46192","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46212","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6387"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574","reference_id":"856574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937419?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-6387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hrv-qq76-mbcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/271994?format=json","vulnerability_id":"VCID-5kmb-6m89-6uc6","summary":"A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28072","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68922","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68726","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68803","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68815","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68804","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68852","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68858","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68865","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68844","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68887","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28072"},{"reference_url":"https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45","reference_id":"027cd9b7274988bb1af866539ba6c2fa2ff63e45","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:38:19Z/"}],"url":"https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-28072"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kmb-6m89-6uc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182283?format=json","vulnerability_id":"VCID-5msy-yj5v-myc7","summary":"In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20457","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36958","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36939","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37328","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3749","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37515","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37343","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37394","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37419","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37357","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37403","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37386","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3733","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37079","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36872","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20457"},{"reference_url":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7"},{"reference_url":"https://github.com/radare/radare2/issues/12417","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322","reference_id":"917322","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20457","reference_id":"CVE-2018-20457","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20457"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937428?format=json","purl":"pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20457"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5msy-yj5v-myc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177964?format=json","vulnerability_id":"VCID-5q53-gqkq-27ev","summary":"The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14016","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14016"},{"reference_url":"https://github.com/radareorg/radare2/commit/eb7deb281df54771fb8ecf5890dc325a7d22d3e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/eb7deb281df54771fb8ecf5890dc325a7d22d3e2"},{"reference_url":"https://github.com/radare/radare2/issues/10464","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10464"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903725","reference_id":"903725","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903725"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14016","reference_id":"CVE-2018-14016","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937424?format=json","purl":"pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-14016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q53-gqkq-27ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265235?format=json","vulnerability_id":"VCID-5rv8-9w1a-9yag","summary":"heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1284","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51996","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52043","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52138","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52121","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52147","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52132","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52079","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52085","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51994","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1284"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1284"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv8-9w1a-9yag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265243?format=json","vulnerability_id":"VCID-5xy5-6f5d-83c7","summary":"Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1297","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52944","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52969","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52994","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52961","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53012","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53006","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5304","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53023","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53061","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53068","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5305","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53016","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52985","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52935","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.52986","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53028","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1297"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xy5-6f5d-83c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176324?format=json","vulnerability_id":"VCID-627w-z5ne-kye4","summary":"The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11381","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11381"},{"reference_url":"https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3"},{"reference_url":"https://github.com/radare/radare2/issues/9902","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9902"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11381","reference_id":"CVE-2018-11381","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11381"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11381"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-627w-z5ne-kye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334547?format=json","vulnerability_id":"VCID-6bbs-9d9s-mfeq","summary":"A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5647","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34683","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35235","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24237","reference_id":"24237","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://github.com/radareorg/radare2/issues/24237"},{"reference_url":"https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137","reference_id":"24237#issuecomment-2918846137","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311135","reference_id":"?ctiid.311135","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://vuldb.com/?ctiid.311135"},{"reference_url":"https://vuldb.com/?id.311135","reference_id":"?id.311135","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://vuldb.com/?id.311135"},{"reference_url":"https://vuldb.com/?submit.586928","reference_id":"?submit.586928","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://vuldb.com/?submit.586928"},{"reference_url":"https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T15:06:47Z/"}],"url":"https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bbs-9d9s-mfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199424?format=json","vulnerability_id":"VCID-6s39-wdz1-yuhz","summary":"radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19647","reference_id":"","reference_type":"","scores":[{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65496","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65575","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.6554","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65593","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65605","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.6561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65617","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65613","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65628","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65615","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65663","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65707","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947402","reference_id":"947402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947402"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937431?format=json","purl":"pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@4.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-19647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s39-wdz1-yuhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265242?format=json","vulnerability_id":"VCID-6zbf-v2qf-kudb","summary":"Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1296","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51594","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51645","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51685","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5173","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51692","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51672","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51678","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51582","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51634","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1296"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zbf-v2qf-kudb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224977?format=json","vulnerability_id":"VCID-71pg-p4ht-pudf","summary":"A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27795","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67072","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67189","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67144","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67178","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67192","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67173","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67193","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67205","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67204","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67214","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67252","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27795"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-27795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71pg-p4ht-pudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180908?format=json","vulnerability_id":"VCID-73nh-61r2-4kfr","summary":"getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19842","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54373","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54452","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54474","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54443","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54484","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54502","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54505","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54482","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54388","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5443","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54487","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19842"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937426?format=json","purl":"pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-19842"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73nh-61r2-4kfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199382?format=json","vulnerability_id":"VCID-797x-2rdg-efbq","summary":"In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19590","reference_id":"","reference_type":"","scores":[{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86636","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86667","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86666","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86684","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86694","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86705","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86711","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86717","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86728","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86736","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86757","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86775","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86793","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947791","reference_id":"947791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947791"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937431?format=json","purl":"pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@4.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-19590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-797x-2rdg-efbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261788?format=json","vulnerability_id":"VCID-7f5v-63rw-47c5","summary":"radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44975","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.548","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5468","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54773","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54793","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54785","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54764","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54804","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54786","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54759","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54779","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54757","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54703","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54745","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44975"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490","reference_id":"1014490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490"},{"reference_url":"https://security.archlinux.org/AVG-2748","reference_id":"AVG-2748","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-44975"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7f5v-63rw-47c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/194153?format=json","vulnerability_id":"VCID-7gtx-pkzb-yqcz","summary":"radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12829","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73702","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73735","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73707","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73755","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73778","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.7375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73792","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73801","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73791","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73824","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73833","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73828","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73854","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73878","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590","reference_id":"930590","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930590"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937429?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-12829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gtx-pkzb-yqcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265210?format=json","vulnerability_id":"VCID-7hzf-vk9r-dfh1","summary":"heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1244","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51996","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52043","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52138","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52121","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52147","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52132","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52079","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52085","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51994","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hzf-vk9r-dfh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182288?format=json","vulnerability_id":"VCID-7j2z-8s5s-6ugb","summary":"In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20461","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39036","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39019","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39303","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39465","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39458","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39473","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39429","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3948","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39453","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39367","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39174","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39156","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39075","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38948","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20461"},{"reference_url":"https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267"},{"reference_url":"https://github.com/radare/radare2/issues/12375","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12375"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20461","reference_id":"CVE-2018-20461","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20461"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937427?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7j2z-8s5s-6ugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/271992?format=json","vulnerability_id":"VCID-7jxc-2agn-8kd2","summary":"A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28070","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26732","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26684","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26921","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27035","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27038","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26937","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26947","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26886","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26836","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26829","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26763","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26616","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28070"},{"reference_url":"https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0","reference_id":"4aff1bb00224de4f5bc118f987dfd5d2fe3450d0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:31:03Z/"}],"url":"https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-28070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jxc-2agn-8kd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168337?format=json","vulnerability_id":"VCID-7p7w-jwbj-guea","summary":"In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16359","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40924","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40909","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41149","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41241","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4127","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41274","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41242","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41228","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41243","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41171","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41059","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41054","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40973","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40834","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16359"},{"reference_url":"https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e"},{"reference_url":"https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882"},{"reference_url":"https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d"},{"reference_url":"https://github.com/radare/radare2/issues/8764","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8764"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880616","reference_id":"880616","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880616"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16359","reference_id":"CVE-2017-16359","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16359"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-16359"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7p7w-jwbj-guea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167934?format=json","vulnerability_id":"VCID-8bzm-ye49-w7fc","summary":"The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15385","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51686","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51641","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51601","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51637","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51692","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51688","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51715","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51739","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51726","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51684","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51644","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5159","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15385"},{"reference_url":"https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4"},{"reference_url":"https://github.com/radare/radare2/issues/8685","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8685"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879119","reference_id":"879119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879119"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15385","reference_id":"CVE-2017-15385","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-15385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bzm-ye49-w7fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265460?format=json","vulnerability_id":"VCID-8xen-g6z6-hfcs","summary":"Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1649","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4807","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48128","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48077","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4813","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48125","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48133","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48186","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48137","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48116","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48072","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.47993","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48058","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48081","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1649"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1649"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xen-g6z6-hfcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/263841?format=json","vulnerability_id":"VCID-8zuq-cnzg-9bfk","summary":"A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4021","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63052","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6289","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6292","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62883","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62969","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62957","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62976","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62983","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62962","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62997","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62999","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490","reference_id":"1014490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490"},{"reference_url":"https://security.archlinux.org/AVG-2583","reference_id":"AVG-2583","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2583"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-4021"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zuq-cnzg-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/304369?format=json","vulnerability_id":"VCID-9cdv-pbch-47cp","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4322","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47547","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47656","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47589","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47598","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47544","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4746","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47526","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47597","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4322"},{"reference_url":"https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd","reference_id":"06e2484c-d6f1-4497-af67-26549be9fffd","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051898","reference_id":"1051898","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051898"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/","reference_id":"64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/"},{"reference_url":"https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd","reference_id":"ba919adb74ac368bf76b150a00347ded78b572dd","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/","reference_id":"SOZ6XCADVAPAIHMVSV3FUAN742BHXF55","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-03T14:16:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-4322"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cdv-pbch-47cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177965?format=json","vulnerability_id":"VCID-9nn6-cp89-qkd3","summary":"The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14017","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14017"},{"reference_url":"https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152"},{"reference_url":"https://github.com/radare/radare2/issues/10498","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903726","reference_id":"903726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903726"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14017","reference_id":"CVE-2018-14017","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937424?format=json","purl":"pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-14017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nn6-cp89-qkd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302350?format=json","vulnerability_id":"VCID-9yq7-v9ah-qyek","summary":"An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46570","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33477","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33486","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33369","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33436","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34073","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33969","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34003","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3399","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33957","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33567","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46570"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908","reference_id":"1054908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908"},{"reference_url":"https://github.com/radareorg/radare2/issues/22333","reference_id":"22333","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:52:30Z/"}],"url":"https://github.com/radareorg/radare2/issues/22333"},{"reference_url":"https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6","reference_id":"d7fa58f1b3418ef08ad244acccc10ba6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:52:30Z/"}],"url":"https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-46570"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-v9ah-qyek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334546?format=json","vulnerability_id":"VCID-9zrm-xdkz-fbfb","summary":"A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5646","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34683","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35235","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5646"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24235","reference_id":"24235","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://github.com/radareorg/radare2/issues/24235"},{"reference_url":"https://github.com/radareorg/radare2/issues/24235#issuecomment-2918847213","reference_id":"24235#issuecomment-2918847213","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://github.com/radareorg/radare2/issues/24235#issuecomment-2918847213"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311134","reference_id":"?ctiid.311134","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://vuldb.com/?ctiid.311134"},{"reference_url":"https://vuldb.com/?id.311134","reference_id":"?id.311134","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://vuldb.com/?id.311134"},{"reference_url":"https://vuldb.com/?submit.586923","reference_id":"?submit.586923","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://vuldb.com/?submit.586923"},{"reference_url":"https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:10:51Z/"}],"url":"https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5646"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zrm-xdkz-fbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174241?format=json","vulnerability_id":"VCID-a4ec-hp76-rqcv","summary":"The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9520","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42241","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42316","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42345","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42334","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42328","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.423","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4235","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42326","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42185","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4218","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42098","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.41956","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4203","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42046","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864533","reference_id":"864533","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864533"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937415?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-9520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ec-hp76-rqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176318?format=json","vulnerability_id":"VCID-a4us-jxhs-nfgh","summary":"The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11375","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45957","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45874","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45986","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46037","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46063","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46118","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46025","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45975","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11375"},{"reference_url":"https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68"},{"reference_url":"https://github.com/radare/radare2/issues/9928","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9928"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11375","reference_id":"CVE-2018-11375","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11375"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4us-jxhs-nfgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/189415?format=json","vulnerability_id":"VCID-aekg-54vs-6yca","summary":"In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8810","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8810"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895749","reference_id":"895749","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895749"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-8810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aekg-54vs-6yca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182285?format=json","vulnerability_id":"VCID-ak4h-uq4k-23hs","summary":"In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20459","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39602","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39599","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39595","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39565","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39285","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20459"},{"reference_url":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7"},{"reference_url":"https://github.com/radare/radare2/issues/12418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322","reference_id":"917322","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20459","reference_id":"CVE-2018-20459","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937428?format=json","purl":"pkg:deb/debian/radare2@3.2.1%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.2.1%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20459"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ak4h-uq4k-23hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264936?format=json","vulnerability_id":"VCID-aubp-kw7t-abam","summary":"Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0849","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.4997","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49951","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50016","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50021","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50032","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50005","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50047","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50049","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50009","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49884","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.4994","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0849"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0849"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aubp-kw7t-abam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265338?format=json","vulnerability_id":"VCID-aupe-75b8-fbff","summary":"heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1444","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51996","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52043","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52138","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52121","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52147","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52132","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52079","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52085","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.51994","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aupe-75b8-fbff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176322?format=json","vulnerability_id":"VCID-ausu-fn3w-kueu","summary":"The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11379","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11379"},{"reference_url":"https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c"},{"reference_url":"https://github.com/radare/radare2/issues/9926","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9926"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11379","reference_id":"CVE-2018-11379","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11379"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11379"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ausu-fn3w-kueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250619?format=json","vulnerability_id":"VCID-avnf-p1zx-47ce","summary":"Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32494","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44332","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44419","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44417","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44474","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44464","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44394","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44292","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44296","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44213","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44441","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44375","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4445","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4601","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45991","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45928","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32494"},{"reference_url":"https://github.com/radareorg/radare2/issues/18667","reference_id":"18667","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/"}],"url":"https://github.com/radareorg/radare2/issues/18667"},{"reference_url":"https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62","reference_id":"a07dedb804a82bc01c07072861942dd80c6b6d62","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/"}],"url":"https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-32494"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avnf-p1zx-47ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334543?format=json","vulnerability_id":"VCID-awv9-a65t-gfax","summary":"A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5643","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36912","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37018","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36846","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36473","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36375","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36493","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36581","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36613","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36906","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36861","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36921","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24232","reference_id":"24232","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://github.com/radareorg/radare2/issues/24232"},{"reference_url":"https://github.com/radareorg/radare2/issues/24232#issuecomment-2918841776","reference_id":"24232#issuecomment-2918841776","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://github.com/radareorg/radare2/issues/24232#issuecomment-2918841776"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311131","reference_id":"?ctiid.311131","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://vuldb.com/?ctiid.311131"},{"reference_url":"https://vuldb.com/?id.311131","reference_id":"?id.311131","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://vuldb.com/?id.311131"},{"reference_url":"https://vuldb.com/?submit.586912","reference_id":"?submit.586912","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://vuldb.com/?submit.586912"},{"reference_url":"https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:45:33Z/"}],"url":"https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5643"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awv9-a65t-gfax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/194127?format=json","vulnerability_id":"VCID-ba9q-e289-ekbt","summary":"In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12802","reference_id":"","reference_type":"","scores":[{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.6404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64097","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64083","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.6415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64162","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64151","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.6417","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64178","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64191","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64161","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64204","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64249","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510","reference_id":"930510","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937429?format=json","purl":"pkg:deb/debian/radare2@3.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-12802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba9q-e289-ekbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264628?format=json","vulnerability_id":"VCID-befg-btu3-g3ek","summary":"Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0519","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57709","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57787","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57842","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57844","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57861","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57839","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57846","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57845","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.5778","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57779","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57736","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0519"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-befg-btu3-g3ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175650?format=json","vulnerability_id":"VCID-bkmk-u5ep-w3cq","summary":"In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10187","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305","reference_id":"897305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-10187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkmk-u5ep-w3cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302349?format=json","vulnerability_id":"VCID-bmmz-g7bb-6ydp","summary":"An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46569","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35434","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35343","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35412","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35956","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35817","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35867","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35831","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35858","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35808","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35544","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46569"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908","reference_id":"1054908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054908"},{"reference_url":"https://github.com/radareorg/radare2/issues/22334","reference_id":"22334","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:50:40Z/"}],"url":"https://github.com/radareorg/radare2/issues/22334"},{"reference_url":"https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8","reference_id":"afeaf8cc958f95876f0ee245b8a002e8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-09T19:50:40Z/"}],"url":"https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-46569"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmmz-g7bb-6ydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97801?format=json","vulnerability_id":"VCID-bws2-var3-a3au","summary":"radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60358","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04998","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04779","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04825","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0477","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04723","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04912","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04951","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0495","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60358"},{"reference_url":"https://github.com/radareorg/radare2/pull/24224","reference_id":"24224","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T13:35:56Z/"}],"url":"https://github.com/radareorg/radare2/pull/24224"},{"reference_url":"https://usn.ubuntu.com/7842-1/","reference_id":"USN-7842-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7842-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-60358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bws2-var3-a3au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219453?format=json","vulnerability_id":"VCID-cbnj-ccs4-4uap","summary":"radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17487","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66777","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.6684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66813","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66862","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66849","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66896","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66879","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66918","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66928","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66967","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-17487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbnj-ccs4-4uap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/271990?format=json","vulnerability_id":"VCID-ccqg-j1n1-dqb8","summary":"A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28068","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32897","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33142","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33185","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33218","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33181","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33197","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33175","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33138","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32991","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32975","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32788","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32857","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28068"},{"reference_url":"https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992","reference_id":"637f4bd1af6752e28e0a9998e954e2e9ce6fa992","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:56:12Z/"}],"url":"https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-28068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccqg-j1n1-dqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261787?format=json","vulnerability_id":"VCID-czpx-39nm-3fhk","summary":"radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44974","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57459","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57335","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57416","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57414","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57466","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57469","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57462","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57443","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.5747","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57465","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57422","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57401","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57351","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57395","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44974"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490","reference_id":"1014490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490"},{"reference_url":"https://security.archlinux.org/AVG-2748","reference_id":"AVG-2748","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-44974"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czpx-39nm-3fhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267268?format=json","vulnerability_id":"VCID-dpfc-t7cc-uqef","summary":"Out-of-bounds Write vulnerability in radareorg radare2 allows \n\nheap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1744","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54305","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.5428","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54275","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63718","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63749","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63701","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63736","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63732","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.6375","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63761","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63776","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63733","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64458","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1744"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099620","reference_id":"1099620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099620"},{"reference_url":"https://github.com/radareorg/radare2/pull/23969","reference_id":"23969","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-28T15:21:10Z/"}],"url":"https://github.com/radareorg/radare2/pull/23969"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-1744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpfc-t7cc-uqef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264784?format=json","vulnerability_id":"VCID-drqw-6fx3-augx","summary":"Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0695","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55414","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55418","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55469","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55458","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55374","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55323","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55365","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55422","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0695"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0695"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drqw-6fx3-augx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264632?format=json","vulnerability_id":"VCID-ds17-huzd-37d2","summary":"Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0521","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57709","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57787","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57842","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57844","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57861","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57839","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57846","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57845","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.5778","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57779","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57736","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0521"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ds17-huzd-37d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/271995?format=json","vulnerability_id":"VCID-dzzp-5yb2-h7fq","summary":"A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28073","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58537","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58463","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58453","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58505","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58521","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58526","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5847","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58435","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58478","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28073"},{"reference_url":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","reference_id":"59a9dfb60acf8b5c0312061cffd9693fc9526053","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:02Z/"}],"url":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-28073"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzzp-5yb2-h7fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265092?format=json","vulnerability_id":"VCID-e1ry-7wyr-z7gt","summary":"Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1052","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35448","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35622","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35632","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35565","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35604","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35593","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35544","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35306","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35087","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35156","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1052"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ry-7wyr-z7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265187?format=json","vulnerability_id":"VCID-e4sm-emrh-qkc9","summary":"Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1207","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28699","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2883","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2874","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28744","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.287","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28651","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28485","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28372","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28137","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28195","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28219","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4sm-emrh-qkc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218899?format=json","vulnerability_id":"VCID-e8zb-wjjn-ubd9","summary":"radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16269","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57924","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58009","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58007","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58061","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58065","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58081","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58058","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58038","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58068","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58011","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57966","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58008","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5807","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16269"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-16269"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8zb-wjjn-ubd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/189412?format=json","vulnerability_id":"VCID-egzy-8xjc-muc1","summary":"In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8808","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8808"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895752","reference_id":"895752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895752"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-8808"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egzy-8xjc-muc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264293?format=json","vulnerability_id":"VCID-esdn-avz7-c3g4","summary":"Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0139","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60491","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60594","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60563","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60637","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60658","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60664","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60651","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60648","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60641","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60698","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0139"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esdn-avz7-c3g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285628?format=json","vulnerability_id":"VCID-euwf-e2ud-wban","summary":"Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1605","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50606","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50657","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50612","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50667","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50663","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50705","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50683","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50709","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50715","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50695","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50642","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1605"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034180","reference_id":"1034180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034180"},{"reference_url":"https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f","reference_id":"508a6307045441defd1bef0999a1f7052097613f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:30:31Z/"}],"url":"https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f"},{"reference_url":"https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2","reference_id":"9dddcf5b-7dd4-46cc-abf9-172dce20bab2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:30:31Z/"}],"url":"https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-1605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euwf-e2ud-wban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/313761?format=json","vulnerability_id":"VCID-ev6a-h3yd-5udh","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1864","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49414","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4941","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54223","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58243","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58245","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58184","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58198","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58644","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58688","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59397","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622","reference_id":"1099622","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622"},{"reference_url":"https://github.com/radareorg/radare2/pull/23981","reference_id":"23981","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-03T14:09:22Z/"}],"url":"https://github.com/radareorg/radare2/pull/23981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-1864"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev6a-h3yd-5udh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264667?format=json","vulnerability_id":"VCID-fktn-5h3c-t3ay","summary":"Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0559","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55513","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55624","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55648","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55626","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55678","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5569","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5567","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55691","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55695","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55674","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.556","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55617","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55593","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5554","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55587","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55644","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0559"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fktn-5h3c-t3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176326?format=json","vulnerability_id":"VCID-fuw5-x3dd-6yg8","summary":"The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11383","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11383"},{"reference_url":"https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a"},{"reference_url":"https://github.com/radare/radare2/issues/9943","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9943"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11383","reference_id":"CVE-2018-11383","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11383"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11383"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuw5-x3dd-6yg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97805?format=json","vulnerability_id":"VCID-gebx-34kc-xuh6","summary":"radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60359","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04998","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04779","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04825","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0477","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04723","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04912","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04951","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0495","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60359"},{"reference_url":"https://github.com/radareorg/radare2/pull/24215","reference_id":"24215","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T14:23:06Z/"}],"url":"https://github.com/radareorg/radare2/pull/24215"},{"reference_url":"https://usn.ubuntu.com/7915-1/","reference_id":"USN-7915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-60359"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gebx-34kc-xuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176881?format=json","vulnerability_id":"VCID-gmtk-srvb-byek","summary":"There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12321","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37643","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37626","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3813","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38075","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38084","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38102","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38065","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38042","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38067","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37788","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37765","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37671","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37556","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12321"},{"reference_url":"https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d"},{"reference_url":"https://github.com/radare/radare2/issues/10296","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629","reference_id":"901629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12321","reference_id":"CVE-2018-12321","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12321"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937423?format=json","purl":"pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-12321"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmtk-srvb-byek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264627?format=json","vulnerability_id":"VCID-gn9n-bv7p-bbap","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0518","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57568","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57674","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.5765","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57704","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57707","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57722","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57701","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57681","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57711","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57686","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57643","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57642","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57641","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0518"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0518"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gn9n-bv7p-bbap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267266?format=json","vulnerability_id":"VCID-gqsh-nqdu-3qex","summary":"A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1378","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10331","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10267","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10304","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1023","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1033","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10286","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10314","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10181","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10208","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10334","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10365","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10712","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1378"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098376","reference_id":"1098376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098376"},{"reference_url":"https://github.com/radareorg/radare2/issues/23953","reference_id":"23953","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/issues/23953"},{"reference_url":"https://github.com/radareorg/radare2/issues/23953#issue-2844325926","reference_id":"23953#issue-2844325926","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/issues/23953#issue-2844325926"},{"reference_url":"https://github.com/radareorg/radare2/milestone/86","reference_id":"86","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/milestone/86"},{"reference_url":"https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545","reference_id":"c6c772d2eab692ce7ada5a4227afd50c355ad545","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545"},{"reference_url":"https://vuldb.com/?ctiid.295986","reference_id":"?ctiid.295986","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://vuldb.com/?ctiid.295986"},{"reference_url":"https://vuldb.com/?id.295986","reference_id":"?id.295986","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://vuldb.com/?id.295986"},{"reference_url":"https://vuldb.com/?submit.498499","reference_id":"?submit.498499","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:47:48Z/"}],"url":"https://vuldb.com/?submit.498499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-1378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqsh-nqdu-3qex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334544?format=json","vulnerability_id":"VCID-gy1s-hmrp-fbdg","summary":"A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5644","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31858","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31957","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31915","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31776","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31313","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31306","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31238","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31389","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31473","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31768","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31818","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31787","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3186","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5644"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24233","reference_id":"24233","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://github.com/radareorg/radare2/issues/24233"},{"reference_url":"https://github.com/radareorg/radare2/issues/24233#issuecomment-2918847833","reference_id":"24233#issuecomment-2918847833","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://github.com/radareorg/radare2/issues/24233#issuecomment-2918847833"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311132","reference_id":"?ctiid.311132","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://vuldb.com/?ctiid.311132"},{"reference_url":"https://vuldb.com/?id.311132","reference_id":"?id.311132","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://vuldb.com/?id.311132"},{"reference_url":"https://vuldb.com/?submit.586921","reference_id":"?submit.586921","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://vuldb.com/?submit.586921"},{"reference_url":"https://drive.google.com/file/d/1VtiMMp7ECun3sq3AwlqQrU9xEPA45eOz/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:12:42Z/"}],"url":"https://drive.google.com/file/d/1VtiMMp7ECun3sq3AwlqQrU9xEPA45eOz/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5644"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gy1s-hmrp-fbdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265096?format=json","vulnerability_id":"VCID-h43t-cy2h-jfdv","summary":"Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1061","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50418","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50474","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50456","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50548","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50553","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50558","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50535","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5049","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50445","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50368","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50421","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5045","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1061"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1061"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h43t-cy2h-jfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172389?format=json","vulnerability_id":"VCID-h4qz-m51b-5khw","summary":"The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6194","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35148","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3512","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35411","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35611","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35564","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35554","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3553","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3557","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3556","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35509","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3527","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35249","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3517","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35049","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6194"},{"reference_url":"https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18"},{"reference_url":"https://github.com/radare/radare2/issues/6829","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/6829"},{"reference_url":"http://www.securityfocus.com/bid/97299","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97299"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448","reference_id":"859448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6194","reference_id":"CVE-2017-6194","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6194"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937417?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-6194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4qz-m51b-5khw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265336?format=json","vulnerability_id":"VCID-hkwf-9xsj-xqct","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1437","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48361","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48397","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4842","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48444","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48431","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48476","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48417","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48429","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48376","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48355","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48379","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1437"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkwf-9xsj-xqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168569?format=json","vulnerability_id":"VCID-hvrq-x6mt-nuad","summary":"In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16805","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42046","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4203","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42241","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42316","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42345","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42334","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42328","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.423","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4235","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42326","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42185","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.4218","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42098","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.41956","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16805"},{"reference_url":"https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d"},{"reference_url":"https://github.com/radare/radare2/issues/8813","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8813"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882134","reference_id":"882134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882134"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16805","reference_id":"CVE-2017-16805","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16805"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-16805"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvrq-x6mt-nuad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173202?format=json","vulnerability_id":"VCID-j79s-4ev5-jucd","summary":"The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7716","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40072","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40057","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40392","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40342","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40393","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40404","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40424","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40368","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40415","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40384","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40309","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4022","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40208","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.39989","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7716"},{"reference_url":"https://github.com/radare/radare2/issues/7260","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7260"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7716","reference_id":"CVE-2017-7716","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7716"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7716"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j79s-4ev5-jucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267328?format=json","vulnerability_id":"VCID-jb8a-6f7d-hkas","summary":"A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63745","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04696","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04573","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04558","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04929","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07629","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07444","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07415","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0756","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10792","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10856","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10816","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10828","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63745"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120793","reference_id":"1120793","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120793"},{"reference_url":"https://github.com/radareorg/radare2/issues/24660","reference_id":"24660","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/radareorg/radare2/issues/24660"},{"reference_url":"https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd","reference_id":"6c5df3f8570d4f0c360681c08241ad8af3b919fd","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md","reference_id":"MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md","reference_id":"radare2-nullptr-deref-bin_ne.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:27:19Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-63745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jb8a-6f7d-hkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264323?format=json","vulnerability_id":"VCID-khyh-e434-x3hk","summary":"radare2 is vulnerable to Out-of-bounds Read","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0173","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57714","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57793","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57848","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57849","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57866","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57844","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57823","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57851","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57828","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57787","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57806","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57788","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57745","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0173"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khyh-e434-x3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352703?format=json","vulnerability_id":"VCID-m715-ppbg-xya5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41015","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01082","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01157","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02733","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02649","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02704","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02677","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02694","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41015"},{"reference_url":"https://github.com/radareorg/radare2/issues/25650","reference_id":"25650","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/25650"},{"reference_url":"https://github.com/radareorg/radare2/pull/25651","reference_id":"25651","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/pull/25651"},{"reference_url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","reference_id":"9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"},{"reference_url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5","reference_id":"SECURITY.md?plain=1#L3-L5","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2026-41015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m715-ppbg-xya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175649?format=json","vulnerability_id":"VCID-mcfw-hm7m-uuh5","summary":"In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10186","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10186"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305","reference_id":"897305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-10186"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcfw-hm7m-uuh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176323?format=json","vulnerability_id":"VCID-myn1-h1xa-5ba7","summary":"The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11380","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11380"},{"reference_url":"https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134"},{"reference_url":"https://github.com/radare/radare2/issues/9970","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9970"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11380","reference_id":"CVE-2018-11380","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11380"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11380"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myn1-h1xa-5ba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265294?format=json","vulnerability_id":"VCID-n5c5-p9qk-zkgz","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1382","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48146","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48183","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48202","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48154","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48225","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48199","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48262","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48258","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48213","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48195","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48205","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48151","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48134","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48158","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1382"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5c5-p9qk-zkgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264767?format=json","vulnerability_id":"VCID-nh84-fufj-pfgr","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0676","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57578","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57664","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5875","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5881","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58828","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5879","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58823","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58827","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58804","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58798","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58783","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58749","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58794","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58853","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0676"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0676"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nh84-fufj-pfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176880?format=json","vulnerability_id":"VCID-njkh-gajt-x3cx","summary":"There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12320","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37643","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37626","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3813","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38075","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38084","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38102","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38065","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38042","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38067","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37788","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37765","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37671","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37556","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12320"},{"reference_url":"https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548"},{"reference_url":"https://github.com/radare/radare2/issues/10293","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630","reference_id":"901630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12320","reference_id":"CVE-2018-12320","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12320"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937423?format=json","purl":"pkg:deb/debian/radare2@2.7.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.7.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-12320"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njkh-gajt-x3cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224713?format=json","vulnerability_id":"VCID-nnye-265s-hfdm","summary":"Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29646","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69626","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69734","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6969","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69715","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6971","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69702","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6965","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69659","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69619","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69633","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69648","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69564","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00821","scoring_system":"epss","scoring_elements":"0.74532","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29646"},{"reference_url":"https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690","reference_id":"0be4a204e7226fa2cea761c09f027690","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690"},{"reference_url":"https://github.com/radareorg/radare2/pull/22562","reference_id":"22562","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22562"},{"reference_url":"https://github.com/radareorg/radare2/pull/22567","reference_id":"22567","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22567"},{"reference_url":"https://github.com/radareorg/radare2/pull/22572","reference_id":"22572","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22572"},{"reference_url":"https://github.com/radareorg/radare2/pull/22578","reference_id":"22578","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22578"},{"reference_url":"https://github.com/radareorg/radare2/pull/22599","reference_id":"22599","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-18T15:50:29Z/"}],"url":"https://github.com/radareorg/radare2/pull/22599"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2024-29646"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnye-265s-hfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265234?format=json","vulnerability_id":"VCID-nuzb-2zqv-wbgf","summary":"NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1283","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50624","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50677","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50703","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50659","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50714","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5071","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50729","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50754","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5076","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5074","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50689","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50629","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1283"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1283"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuzb-2zqv-wbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/306701?format=json","vulnerability_id":"VCID-ny2r-28hp-5uep","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5686","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24664","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24474","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24544","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24563","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24489","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24431","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24416","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24374","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24251","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2433","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24392","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055854","reference_id":"1055854","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-5686"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny2r-28hp-5uep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264538?format=json","vulnerability_id":"VCID-p5f7-7r1a-rycr","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0419","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47979","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48038","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4804","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48058","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48035","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4805","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47909","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0419"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"},{"reference_url":"https://security.archlinux.org/AVG-2748","reference_id":"AVG-2748","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0419"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p5f7-7r1a-rycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266539?format=json","vulnerability_id":"VCID-patn-amhm-cqcp","summary":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0302","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40386","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40443","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40368","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40725","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40753","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40676","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40732","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4075","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40715","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40713","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40636","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40539","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40525","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0302"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029037","reference_id":"1029037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029037"},{"reference_url":"https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e","reference_id":"583133af-7ae6-4a21-beef-a4b0182cf82e","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:47:04Z/"}],"url":"https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e"},{"reference_url":"https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce","reference_id":"961f0e723903011d4f54c2396e44efa91fcc74ce","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:47:04Z/"}],"url":"https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-0302"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-patn-amhm-cqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/257356?format=json","vulnerability_id":"VCID-pme4-1y6v-4ybu","summary":"A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3673","reference_id":"","reference_type":"","scores":[{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7081","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70594","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70623","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70646","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70685","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70702","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7071","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70689","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70753","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70733","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70773","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3673"},{"reference_url":"https://security.archlinux.org/AVG-2245","reference_id":"AVG-2245","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2245"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-3673"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pme4-1y6v-4ybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224930?format=json","vulnerability_id":"VCID-pq2q-hnd2-y3eb","summary":"Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29645","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1768","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17527","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17568","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17736","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17783","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17601","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22587","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22505","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22608","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2262","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23117","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29645"},{"reference_url":"https://github.com/radareorg/radare2/pull/22561","reference_id":"22561","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/"}],"url":"https://github.com/radareorg/radare2/pull/22561"},{"reference_url":"https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620","reference_id":"72bf3a486fa851797aa21887a40ba0e3d3a6d620","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/"}],"url":"https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620"},{"reference_url":"https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027","reference_id":"83f0f5e8a475284d64bf99fb342e9027","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-02T17:24:47Z/"}],"url":"https://gist.github.com/Crispy-fried-chicken/83f0f5e8a475284d64bf99fb342e9027"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2024-29645"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq2q-hnd2-y3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168336?format=json","vulnerability_id":"VCID-pqrq-1jus-tkep","summary":"In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16358","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39782","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39763","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.4004","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40214","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.4019","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40213","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40177","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39924","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39908","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39827","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39698","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16358"},{"reference_url":"https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9"},{"reference_url":"https://github.com/radare/radare2/issues/8748","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880619","reference_id":"880619","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880619"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16358","reference_id":"CVE-2017-16358","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16358"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-16358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqrq-1jus-tkep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265206?format=json","vulnerability_id":"VCID-pt1y-cpch-1qfn","summary":"Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1238","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50334","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5039","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5042","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50372","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50425","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.5046","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50437","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50465","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50391","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50352","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50274","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50328","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50359","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1238"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1238"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt1y-cpch-1qfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/244662?format=json","vulnerability_id":"VCID-pu3q-x2ey-zydp","summary":"An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48241","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22586","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22521","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22519","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22424","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22508","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22832","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22667","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22793","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22816","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22721","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22736","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22732","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48241"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088693","reference_id":"1088693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088693"},{"reference_url":"https://github.com/radareorg/radare2/issues/23317","reference_id":"23317","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/"}],"url":"https://github.com/radareorg/radare2/issues/23317"},{"reference_url":"https://github.com/radareorg/radare2/pull/23318","reference_id":"23318","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/"}],"url":"https://github.com/radareorg/radare2/pull/23318"},{"reference_url":"https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md","reference_id":"CVE-2024-48241.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T15:08:15Z/"}],"url":"https://github.com/St-Andrews-Bug-Busters/Vuln_info/blob/main/radare2/CVE-2024-48241.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937435?format=json","purl":"pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.8%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2024-48241"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pu3q-x2ey-zydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165776?format=json","vulnerability_id":"VCID-pz9s-ebvf-77c5","summary":"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10929","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58687","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58783","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58751","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5881","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58828","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58823","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58805","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5875","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58795","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58853","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10929"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369","reference_id":"867369","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937415?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-10929"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pz9s-ebvf-77c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/254598?format=json","vulnerability_id":"VCID-q9et-b46r-nfhd","summary":"A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11858","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11385","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11698","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11613","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11487","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11491","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11617","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11572","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16232","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11858"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329102","reference_id":"show_bug.cgi?id=2329102","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-16T16:38:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937435?format=json","purl":"pkg:deb/debian/radare2@5.9.8%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.8%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2024-11858"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9et-b46r-nfhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167923?format=json","vulnerability_id":"VCID-qtjk-bakx-nyar","summary":"The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15368","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46694","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46674","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46699","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46761","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46783","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46755","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46818","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46815","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46609","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15368"},{"reference_url":"https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515"},{"reference_url":"https://github.com/radare/radare2/issues/8673","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8673"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878767","reference_id":"878767","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878767"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15368","reference_id":"CVE-2017-15368","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-15368"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtjk-bakx-nyar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176319?format=json","vulnerability_id":"VCID-qvdt-rhku-v7cb","summary":"The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11376","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11376"},{"reference_url":"https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf"},{"reference_url":"https://github.com/radare/radare2/issues/9904","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9904"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11376","reference_id":"CVE-2018-11376","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11376"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11376"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvdt-rhku-v7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265078?format=json","vulnerability_id":"VCID-rgst-sefy-mya3","summary":"Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1031","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51927","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52021","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52019","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52053","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52077","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52083","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52011","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52017","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51978","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgst-sefy-mya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180909?format=json","vulnerability_id":"VCID-rwf4-6fjk-cqfp","summary":"opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19843","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37484","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37649","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37673","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37551","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37596","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37568","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37593","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3753","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37311","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37199","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3708","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37148","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37165","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19843"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937426?format=json","purl":"pkg:deb/debian/radare2@3.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-19843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwf4-6fjk-cqfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176320?format=json","vulnerability_id":"VCID-sf7m-amp2-ebde","summary":"The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11377","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48955","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48865","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48928","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48927","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4899","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48944","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48994","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49011","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48984","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49036","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48993","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48948","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11377"},{"reference_url":"https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4"},{"reference_url":"https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422"},{"reference_url":"https://github.com/radare/radare2/issues/9901","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9901"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11377","reference_id":"CVE-2018-11377","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11377"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf7m-amp2-ebde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284336?format=json","vulnerability_id":"VCID-sgqw-g5s2-6ydd","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4843","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18849","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18749","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18699","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18595","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18987","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1871","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19716","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19548","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4843"},{"reference_url":"https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f","reference_id":"075b2760-66a0-4d38-b3b5-e9934956ab7f","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f"},{"reference_url":"https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24","reference_id":"842f809d4ec6a12af2906f948657281c9ebc8a24","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/","reference_id":"FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/","reference_id":"OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-4843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgqw-g5s2-6ydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178854?format=json","vulnerability_id":"VCID-shpa-bmwh-yqb8","summary":"In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15834","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34917","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35115","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35143","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35066","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35075","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3506","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35014","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34782","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34614","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34651","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937425?format=json","purl":"pkg:deb/debian/radare2@2.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-15834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shpa-bmwh-yqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266512?format=json","vulnerability_id":"VCID-sk4s-yzns-jfbk","summary":"Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4398","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55475","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55424","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55375","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55419","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55485","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55463","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55515","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55516","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55487","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55523","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55527","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55506","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55431","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5545","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4398"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027144","reference_id":"1027144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027144"},{"reference_url":"https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8","reference_id":"b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:50:32Z/"}],"url":"https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8"},{"reference_url":"https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2","reference_id":"c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:50:32Z/"}],"url":"https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-4398"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sk4s-yzns-jfbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267322?format=json","vulnerability_id":"VCID-sua7-jxfv-tfhe","summary":"A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5642","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36921","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36912","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37018","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36846","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36473","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36375","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36493","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36581","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36613","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36832","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36906","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36861","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36886","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5642"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24231","reference_id":"24231","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://github.com/radareorg/radare2/issues/24231"},{"reference_url":"https://github.com/radareorg/radare2/issues/24231#issuecomment-2918848163","reference_id":"24231#issuecomment-2918848163","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://github.com/radareorg/radare2/issues/24231#issuecomment-2918848163"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311130","reference_id":"?ctiid.311130","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://vuldb.com/?ctiid.311130"},{"reference_url":"https://vuldb.com/?id.311130","reference_id":"?id.311130","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://vuldb.com/?id.311130"},{"reference_url":"https://vuldb.com/?submit.586910","reference_id":"?submit.586910","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://vuldb.com/?submit.586910"},{"reference_url":"https://drive.google.com/file/d/1joXpofhKSeb3uJ034ayVuWIoJj08gm_9/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:49:13Z/"}],"url":"https://drive.google.com/file/d/1joXpofhKSeb3uJ034ayVuWIoJj08gm_9/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5642"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sua7-jxfv-tfhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224973?format=json","vulnerability_id":"VCID-swsv-3s4g-kbea","summary":"An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27793","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60803","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60889","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60904","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60877","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60882","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6094","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-27793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swsv-3s4g-kbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265208?format=json","vulnerability_id":"VCID-tbyx-yrx3-vfag","summary":"Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1240","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46991","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47028","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46995","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47049","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47045","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47069","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47043","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47035","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46909","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46973","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1240"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1240"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbyx-yrx3-vfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265505?format=json","vulnerability_id":"VCID-tdq4-q57q-ufht","summary":"Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1714","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32832","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32684","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32484","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32343","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32407","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32417","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35005","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34858","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35006","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35021","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35056","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35037","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35041","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1714"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdq4-q57q-ufht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205734?format=json","vulnerability_id":"VCID-te26-ushn-aybj","summary":"An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26475","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17669","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17476","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17569","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18013","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17713","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.178","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17833","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17729","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17738","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17664","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17619","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26475"},{"reference_url":"https://github.com/TronciuVlad/CVE-2024-26475","reference_id":"CVE-2024-26475","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T16:01:17Z/"}],"url":"https://github.com/TronciuVlad/CVE-2024-26475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2024-26475"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te26-ushn-aybj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265339?format=json","vulnerability_id":"VCID-tqf6-xzpu-37d9","summary":"Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1451","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5095","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50985","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51039","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51082","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51081","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51013","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5098","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50962","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqf6-xzpu-37d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182284?format=json","vulnerability_id":"VCID-tww2-m12z-sbbv","summary":"In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20458","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39602","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39599","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39595","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39565","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39285","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39205","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20458"},{"reference_url":"https://github.com/radareorg/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19"},{"reference_url":"https://github.com/radare/radare2/issues/12374","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12374"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20458","reference_id":"CVE-2018-20458","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20458"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937427?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20458"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tww2-m12z-sbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/189414?format=json","vulnerability_id":"VCID-uxqx-tssw-jqfz","summary":"In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8809","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3249","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3267","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32493","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32565","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32503","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32516","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32484","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3232","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32204","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32119","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31979","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32044","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32053","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895751","reference_id":"895751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895751"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-8809"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxqx-tssw-jqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58946?format=json","vulnerability_id":"VCID-uzg5-a999-afhp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305","reference_id":"","reference_type":"","scores":[{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96506","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.9652","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96532","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.9654","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96546","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96552","published_at":"2026-04-18T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96556","published_at":"2026-04-24T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96913","published_at":"2026-05-05T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96917","published_at":"2026-05-07T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96924","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049","reference_id":"1191049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397","reference_id":"778397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402","reference_id":"778402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406","reference_id":"778406","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408","reference_id":"778408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409","reference_id":"778409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412","reference_id":"778412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"},{"reference_url":"https://usn.ubuntu.com/2594-1/","reference_id":"USN-2594-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2594-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937414?format=json","purl":"pkg:deb/debian/radare2@0.10.5%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0.10.5%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2015-2305"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzg5-a999-afhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172451?format=json","vulnerability_id":"VCID-v386-f2n9-8ya1","summary":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6319","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52456","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52502","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52528","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52495","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52542","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52562","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52602","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52594","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52544","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.5246","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52513","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52559","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6319"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856579","reference_id":"856579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937419?format=json","purl":"pkg:deb/debian/radare2@1.1.0%2Bdfsg-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.1.0%252Bdfsg-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-6319"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v386-f2n9-8ya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264798?format=json","vulnerability_id":"VCID-v71n-cp33-7uc9","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0712","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62123","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62184","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62215","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62232","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62257","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62235","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6228","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62287","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62272","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62282","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62298","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62292","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62237","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62344","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0712"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v71n-cp33-7uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334545?format=json","vulnerability_id":"VCID-v7dw-jebk-xybc","summary":"A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". A new warning has been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5645","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35253","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34683","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35235","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5645"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316","reference_id":"1107316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107316"},{"reference_url":"https://github.com/radareorg/radare2/issues/24234","reference_id":"24234","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://github.com/radareorg/radare2/issues/24234"},{"reference_url":"https://github.com/radareorg/radare2/issues/24234#issuecomment-2918847551","reference_id":"24234#issuecomment-2918847551","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://github.com/radareorg/radare2/issues/24234#issuecomment-2918847551"},{"reference_url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798","reference_id":"5705d99cc1f23f36f9a84aab26d1724010b97798","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798"},{"reference_url":"https://vuldb.com/?ctiid.311133","reference_id":"?ctiid.311133","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://vuldb.com/?ctiid.311133"},{"reference_url":"https://vuldb.com/?id.311133","reference_id":"?id.311133","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://vuldb.com/?id.311133"},{"reference_url":"https://vuldb.com/?submit.586922","reference_id":"?submit.586922","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://vuldb.com/?submit.586922"},{"reference_url":"https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T18:11:49Z/"}],"url":"https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937436?format=json","purl":"pkg:deb/debian/radare2@6.0.4%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.4%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-5645"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7dw-jebk-xybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/290294?format=json","vulnerability_id":"VCID-v86n-wjus-g7h5","summary":"radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27114","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22325","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22266","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22247","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22589","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22631","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22418","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.225","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22554","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22572","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22477","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22492","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22489","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22439","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22286","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22272","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27114"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032667","reference_id":"1032667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032667"},{"reference_url":"https://github.com/radareorg/radare2/issues/21363","reference_id":"21363","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:14:47Z/"}],"url":"https://github.com/radareorg/radare2/issues/21363"},{"reference_url":"https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509","reference_id":"a15067a8eaa836bcc24b0882712c14d1baa66509","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:14:47Z/"}],"url":"https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-27114"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v86n-wjus-g7h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176327?format=json","vulnerability_id":"VCID-vemn-pw8w-y3dq","summary":"The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11384","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47996","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47905","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48046","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47987","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11384"},{"reference_url":"https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add"},{"reference_url":"https://github.com/radare/radare2/issues/9903","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9903"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11384","reference_id":"CVE-2018-11384","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11384"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937422?format=json","purl":"pkg:deb/debian/radare2@2.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11384"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vemn-pw8w-y3dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177963?format=json","vulnerability_id":"VCID-vfpa-egy5-xfad","summary":"The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14015","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45202","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14015"},{"reference_url":"https://github.com/radareorg/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3"},{"reference_url":"https://github.com/radare/radare2/issues/10465","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10465"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903724","reference_id":"903724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14015","reference_id":"CVE-2018-14015","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937424?format=json","purl":"pkg:deb/debian/radare2@2.8.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.8.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-14015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfpa-egy5-xfad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266516?format=json","vulnerability_id":"VCID-w45p-1p1t-tkav","summary":"Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34520","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32835","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3273","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32731","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32695","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32667","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32706","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32683","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32653","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32499","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32383","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.323","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32225","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32235","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979","reference_id":"1016979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-34520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w45p-1p1t-tkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265205?format=json","vulnerability_id":"VCID-w5bc-f4gs-aqa6","summary":"Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1237","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49093","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49126","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49156","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49159","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4915","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49202","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.492","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49168","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49041","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49105","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49133","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5bc-f4gs-aqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174418?format=json","vulnerability_id":"VCID-wbqn-8k7x-bbc6","summary":"The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9761","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45478","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4552","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45489","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45405","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45353","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45249","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45314","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45331","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869428","reference_id":"869428","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937415?format=json","purl":"pkg:deb/debian/radare2@1.6.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@1.6.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-9761"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbqn-8k7x-bbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182282?format=json","vulnerability_id":"VCID-wgf3-z9qx-y7gc","summary":"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20456","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.393","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39287","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3957","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39719","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39741","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39738","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39702","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39707","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39623","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39444","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3943","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39347","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39219","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20456"},{"reference_url":"https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185"},{"reference_url":"https://github.com/radare/radare2/issues/12372","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/12372"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20456","reference_id":"CVE-2018-20456","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937427?format=json","purl":"pkg:deb/debian/radare2@3.1.2%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.1.2%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-20456"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgf3-z9qx-y7gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302558?format=json","vulnerability_id":"VCID-wkg7-9vfg-rbgc","summary":"radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47016","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39206","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39189","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39107","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3898","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3905","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39499","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39437","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39492","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39508","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39519","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3948","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39514","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39486","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39402","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056930","reference_id":"1056930","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056930"},{"reference_url":"https://github.com/radareorg/radare2/issues/22349","reference_id":"22349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/"}],"url":"https://github.com/radareorg/radare2/issues/22349"},{"reference_url":"https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd","reference_id":"40c9f50e127be80b9d816bce2ab2ee790831aefd","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/"}],"url":"https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd"},{"reference_url":"https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa","reference_id":"65705be4f84269cb7cd725a1d4ab2ffa","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-19T20:20:19Z/"}],"url":"https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2023-47016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkg7-9vfg-rbgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168169?format=json","vulnerability_id":"VCID-wqu2-yhcs-tqgh","summary":"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15932","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42635","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42618","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42784","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42914","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42902","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4284","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42764","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42681","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42541","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15932"},{"reference_url":"https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9"},{"reference_url":"https://github.com/radare/radare2/issues/8743","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8743"},{"reference_url":"http://www.securityfocus.com/bid/101614","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101614"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880024","reference_id":"880024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880024"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15932","reference_id":"CVE-2017-15932","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-15932"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqu2-yhcs-tqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217960?format=json","vulnerability_id":"VCID-wtnj-8rc9-tuaj","summary":"In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15121","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69188","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69207","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69257","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69275","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69282","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69292","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69301","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69332","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6934","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69346","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69324","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69367","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69402","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-15121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtnj-8rc9-tuaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250749?format=json","vulnerability_id":"VCID-wxqc-aaxn-3ud4","summary":"In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32613","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56447","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5632","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56444","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56426","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56482","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56449","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56483","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56453","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56379","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56383","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32613"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067","reference_id":"989067","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067"},{"reference_url":"https://security.archlinux.org/ASA-202106-40","reference_id":"ASA-202106-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-40"},{"reference_url":"https://security.archlinux.org/AVG-1950","reference_id":"AVG-1950","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1950"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-32613"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxqc-aaxn-3ud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/336498?format=json","vulnerability_id":"VCID-wxu7-ngjj-jbac","summary":"A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63744","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09338","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09187","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09297","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09188","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12546","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12682","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12751","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18881","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120792","reference_id":"1120792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120792"},{"reference_url":"https://github.com/radareorg/radare2/issues/24661","reference_id":"24661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/radareorg/radare2/issues/24661"},{"reference_url":"https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79","reference_id":"e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md","reference_id":"MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md"},{"reference_url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md","reference_id":"radare2-nullptr-deref-bin_dyldcache.md","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T21:32:08Z/"}],"url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2025-63744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxu7-ngjj-jbac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265624?format=json","vulnerability_id":"VCID-x1ew-h8tp-67c2","summary":"Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1899","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6371","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63771","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63798","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63806","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63823","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63836","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63824","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63833","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63821","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6385","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6382","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63863","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63912","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ew-h8tp-67c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168168?format=json","vulnerability_id":"VCID-x9x1-xeec-z7ej","summary":"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15931","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42635","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42618","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42784","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42914","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42902","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4284","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42764","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42681","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42541","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15931"},{"reference_url":"https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd"},{"reference_url":"https://github.com/radare/radare2/issues/8731","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/8731"},{"reference_url":"http://www.securityfocus.com/bid/101609","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101609"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025","reference_id":"880025","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15931","reference_id":"CVE-2017-15931","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937416?format=json","purl":"pkg:deb/debian/radare2@2.1.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@2.1.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-15931"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9x1-xeec-z7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266444?format=json","vulnerability_id":"VCID-xgjj-4vb7-uubp","summary":"Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34502","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34539","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34465","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34053","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33948","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33827","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3394","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34502"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979","reference_id":"1016979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016979"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-34502"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgjj-4vb7-uubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/271991?format=json","vulnerability_id":"VCID-xuw5-8svs-p3a7","summary":"A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28069","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32897","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32857","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33142","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33185","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33218","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.3322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33181","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33197","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33175","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33138","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32991","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32975","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32788","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28069"},{"reference_url":"https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a","reference_id":"49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:21:58Z/"}],"url":"https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-28069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xuw5-8svs-p3a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/195709?format=json","vulnerability_id":"VCID-xype-sjmg-s3gz","summary":"In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14745","reference_id":"","reference_type":"","scores":[{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91476","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91482","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91497","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.9151","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91516","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91523","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91521","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91545","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91544","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91557","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91571","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07084","scoring_system":"epss","scoring_elements":"0.91581","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204","reference_id":"934204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937430?format=json","purl":"pkg:deb/debian/radare2@3.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@3.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-14745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xype-sjmg-s3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265295?format=json","vulnerability_id":"VCID-y9b9-yzvm-e3df","summary":"Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1383","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47401","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47435","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4746","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47457","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4748","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47455","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47462","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47521","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47466","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47452","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47461","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47409","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1383"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9b9-yzvm-e3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224975?format=json","vulnerability_id":"VCID-yhm8-zjrk-ykh3","summary":"A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27794","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60803","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60889","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60904","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60877","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60882","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6094","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-27794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhm8-zjrk-ykh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173023?format=json","vulnerability_id":"VCID-yjkb-tsqy-uqa5","summary":"The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7274","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45331","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45314","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45478","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4552","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45489","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45405","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45353","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45249","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7274"},{"reference_url":"https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf"},{"reference_url":"https://github.com/radare/radare2/issues/7152","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7152"},{"reference_url":"http://www.securityfocus.com/bid/97181","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97181"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7274","reference_id":"CVE-2017-7274","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7274"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjkb-tsqy-uqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264635?format=json","vulnerability_id":"VCID-ynz2-8u9q-2yba","summary":"Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0523","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4724","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47277","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47296","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47298","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47294","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47318","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.473","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47358","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47303","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47288","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47297","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47244","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0523"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynz2-8u9q-2yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250621?format=json","vulnerability_id":"VCID-yuwd-fh9w-5bc3","summary":"Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32495","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52835","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52862","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52919","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52956","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52947","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52924","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52885","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52888","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52901","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52936","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54686","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5459","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32495"},{"reference_url":"https://github.com/radareorg/radare2/issues/18666","reference_id":"18666","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/"}],"url":"https://github.com/radareorg/radare2/issues/18666"},{"reference_url":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","reference_id":"5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/"}],"url":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937433?format=json","purl":"pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2021-32495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwd-fh9w-5bc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265580?format=json","vulnerability_id":"VCID-yycm-mx2c-tkae","summary":"Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1809","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50783","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50712","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50721","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50675","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50649","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5068","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1809"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yycm-mx2c-tkae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265340?format=json","vulnerability_id":"VCID-z1c6-6naw-byeg","summary":"Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1452","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5095","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50985","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51039","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51082","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51081","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51013","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5098","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50962","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1452"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-1452"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1c6-6naw-byeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264594?format=json","vulnerability_id":"VCID-zec6-qhn1-4qh2","summary":"Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0476","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45129","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45175","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45229","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45218","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4522","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45271","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45217","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45137","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45077","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.44974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45039","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45057","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0476"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478","reference_id":"1014478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937434?format=json","purl":"pkg:deb/debian/radare2@5.9.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.9.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-0476"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zec6-qhn1-4qh2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}