{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","type":"deb","namespace":"debian","name":"radare2","version":"5.0.0+dfsg-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.5.0+dfsg-1","latest_non_vulnerable_version":"6.0.7+ds-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224977?format=json","vulnerability_id":"VCID-71pg-p4ht-pudf","summary":"A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27795","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67072","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67189","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67144","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67178","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67192","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67173","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67193","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67205","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67204","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67214","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27795"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-27795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71pg-p4ht-pudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219453?format=json","vulnerability_id":"VCID-cbnj-ccs4-4uap","summary":"radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17487","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66777","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.6684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66813","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66862","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66849","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66896","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66879","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66918","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66928","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-17487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbnj-ccs4-4uap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218899?format=json","vulnerability_id":"VCID-e8zb-wjjn-ubd9","summary":"radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16269","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57924","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58009","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58007","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58061","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58065","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58081","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58058","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58038","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58068","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58011","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57966","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58008","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16269"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-16269"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8zb-wjjn-ubd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224973?format=json","vulnerability_id":"VCID-swsv-3s4g-kbea","summary":"An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27793","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60803","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60889","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60904","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60877","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60882","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-27793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swsv-3s4g-kbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217960?format=json","vulnerability_id":"VCID-wtnj-8rc9-tuaj","summary":"In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15121","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69188","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69207","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69257","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69275","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69282","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69292","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69301","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69332","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6934","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69346","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69324","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69367","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-15121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtnj-8rc9-tuaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224975?format=json","vulnerability_id":"VCID-yhm8-zjrk-ykh3","summary":"A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27794","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60803","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60889","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60904","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60877","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6089","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60882","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937432?format=json","purl":"pkg:deb/debian/radare2@5.0.0%2Bdfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/937413?format=json","purl":"pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-27794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhm8-zjrk-ykh3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.0.0%252Bdfsg-1%3Fdistro=sid"}