{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","type":"deb","namespace":"debian","name":"radare2","version":"0","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.10.5+dfsg-1","latest_non_vulnerable_version":"6.0.7+ds-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197484?format=json","vulnerability_id":"VCID-3r1r-24qj-zyef","summary":"In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16718","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80101","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80087","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79959","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79977","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80034","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.8001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80038","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80039","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80067","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80072","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16718"},{"reference_url":"https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af"},{"reference_url":"https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7"},{"reference_url":"https://github.com/radareorg/radare2/compare/3.8.0...3.9.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radareorg/radare2/compare/3.8.0...3.9.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16718","reference_id":"CVE-2019-16718","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2019-16718"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r1r-24qj-zyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176325?format=json","vulnerability_id":"VCID-54v3-r36b-pqbt","summary":"The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11382","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45874","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45986","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46037","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46063","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46118","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46025","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11382"},{"reference_url":"https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff"},{"reference_url":"https://github.com/radare/radare2/issues/10091","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/10091"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11382","reference_id":"CVE-2018-11382","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11382"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11382"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54v3-r36b-pqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173226?format=json","vulnerability_id":"VCID-56w7-1t75-ckc9","summary":"The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7854","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48839","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48901","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48938","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48964","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48918","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48972","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48969","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48986","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4896","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49013","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4901","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48971","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48959","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48968","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7854"},{"reference_url":"https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4"},{"reference_url":"https://github.com/radare/radare2/issues/7265","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7265"},{"reference_url":"http://www.securityfocus.com/bid/97648","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97648"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7854","reference_id":"CVE-2017-7854","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7854"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56w7-1t75-ckc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176318?format=json","vulnerability_id":"VCID-a4us-jxhs-nfgh","summary":"The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11375","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45874","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45986","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46037","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46063","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46118","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46025","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11375"},{"reference_url":"https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68"},{"reference_url":"https://github.com/radare/radare2/issues/9928","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/9928"},{"reference_url":"https://security.archlinux.org/ASA-201806-2","reference_id":"ASA-201806-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-2"},{"reference_url":"https://security.archlinux.org/AVG-709","reference_id":"AVG-709","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11375","reference_id":"CVE-2018-11375","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2018-11375"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4us-jxhs-nfgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173202?format=json","vulnerability_id":"VCID-j79s-4ev5-jucd","summary":"The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7716","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.39989","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40392","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40342","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40393","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40404","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40424","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40368","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40415","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40384","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40309","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4022","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40208","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7716"},{"reference_url":"https://github.com/radare/radare2/issues/7260","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7260"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7716","reference_id":"CVE-2017-7716","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7716"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7716"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j79s-4ev5-jucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352703?format=json","vulnerability_id":"VCID-m715-ppbg-xya5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41015","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01082","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01157","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02677","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02649","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02704","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41015"},{"reference_url":"https://github.com/radareorg/radare2/issues/25650","reference_id":"25650","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/issues/25650"},{"reference_url":"https://github.com/radareorg/radare2/pull/25651","reference_id":"25651","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/pull/25651"},{"reference_url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","reference_id":"9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"},{"reference_url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5","reference_id":"SECURITY.md?plain=1#L3-L5","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/"}],"url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2026-41015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m715-ppbg-xya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284336?format=json","vulnerability_id":"VCID-sgqw-g5s2-6ydd","summary":"NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4843","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18849","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18749","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18699","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18595","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18987","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1871","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19548","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4843"},{"reference_url":"https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f","reference_id":"075b2760-66a0-4d38-b3b5-e9934956ab7f","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f"},{"reference_url":"https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24","reference_id":"842f809d4ec6a12af2906f948657281c9ebc8a24","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/","reference_id":"FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/","reference_id":"OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2022-4843"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgqw-g5s2-6ydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173023?format=json","vulnerability_id":"VCID-yjkb-tsqy-uqa5","summary":"The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7274","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45249","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45353","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45478","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4552","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45489","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45405","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45415","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7274"},{"reference_url":"https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf"},{"reference_url":"https://github.com/radare/radare2/issues/7152","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/radare/radare2/issues/7152"},{"reference_url":"http://www.securityfocus.com/bid/97181","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97181"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7274","reference_id":"CVE-2017-7274","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937420?format=json","purl":"pkg:deb/debian/radare2@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2017-7274"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjkb-tsqy-uqa5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid"}