Search for packages
| purl | pkg:deb/ubuntu/radare2@0.9-2ubuntu1 |
| Next non-vulnerable version | 4.2.1+dfsg-1 |
| Latest non-vulnerable version | 4.2.1+dfsg-1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3am4-ry1u-aaaq
Aliases: CVE-2017-15385 |
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file. |
Affected by 31 other vulnerabilities. |
|
VCID-3c18-v2g4-aaaf
Aliases: CVE-2015-2305 |
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. |
Affected by 11 other vulnerabilities. |
|
VCID-4ayg-dwe6-aaan
Aliases: CVE-2017-9520 |
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. |
Affected by 11 other vulnerabilities. |
|
VCID-5prf-71yw-aaak
Aliases: CVE-2018-20460 |
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. |
Affected by 5 other vulnerabilities. |
|
VCID-785a-4chv-aaaa
Aliases: CVE-2017-9763 |
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. |
Affected by 11 other vulnerabilities. |
|
VCID-812k-musm-aaae
Aliases: CVE-2017-10929 |
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. |
Affected by 11 other vulnerabilities. |
|
VCID-9zyh-cbyg-aaag
Aliases: CVE-2017-7274 |
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. |
Affected by 11 other vulnerabilities. |
|
VCID-b896-75ta-aaaj
Aliases: CVE-2018-20456 |
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. |
Affected by 5 other vulnerabilities. |
|
VCID-baux-vpsa-aaad
Aliases: CVE-2017-9949 |
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02. |
Affected by 11 other vulnerabilities. |
|
VCID-d6r5-81cv-aaar
Aliases: CVE-2017-6197 |
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. |
Affected by 32 other vulnerabilities. |
|
VCID-dmpq-nve8-aaam
Aliases: CVE-2017-16805 |
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. |
Affected by 11 other vulnerabilities. |
|
VCID-fyvz-ypz7-aaak
Aliases: CVE-2018-20455 |
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. |
Affected by 5 other vulnerabilities. |
|
VCID-h528-y6as-aaas
Aliases: CVE-2018-20457 |
In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459. |
Affected by 3 other vulnerabilities. |
|
VCID-jh1x-gav9-aaah
Aliases: CVE-2017-9762 |
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. |
Affected by 11 other vulnerabilities. |
|
VCID-jpk8-e6he-aaah
Aliases: CVE-2017-6415 |
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. |
Affected by 11 other vulnerabilities. |
|
VCID-jy2w-u2wy-aaae
Aliases: CVE-2017-6448 |
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. |
Affected by 11 other vulnerabilities. |
|
VCID-mume-8pwt-aaan
Aliases: CVE-2017-16358 |
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. |
Affected by 11 other vulnerabilities. |
|
VCID-n6bf-wbn1-aaad
Aliases: CVE-2018-20461 |
In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. |
Affected by 5 other vulnerabilities. |
|
VCID-nfvf-9bnx-aaap
Aliases: CVE-2017-16359 |
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. |
Affected by 11 other vulnerabilities. |
|
VCID-nyxz-j574-aaap
Aliases: CVE-2018-20458 |
In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file. |
Affected by 5 other vulnerabilities. |
|
VCID-pkjz-zd57-aaas
Aliases: CVE-2017-15931 |
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. |
Affected by 11 other vulnerabilities. |
|
VCID-qmrn-ybhf-aaah
Aliases: CVE-2017-6194 |
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. |
Affected by 11 other vulnerabilities. |
|
VCID-r8tn-qkw1-aaab
Aliases: CVE-2017-9761 |
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. |
Affected by 11 other vulnerabilities. |
|
VCID-re7p-72g2-aaae
Aliases: CVE-2019-19590 |
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. |
Affected by 0 other vulnerabilities. |
|
VCID-sssr-wssj-aaak
Aliases: CVE-2019-16718 |
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. |
Affected by 0 other vulnerabilities. |
|
VCID-u4c4-tznp-aaan
Aliases: CVE-2019-19647 |
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. |
Affected by 0 other vulnerabilities. |
|
VCID-u6m7-7k5f-aaac
Aliases: CVE-2018-20459 |
In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457. |
Affected by 3 other vulnerabilities. |
|
VCID-uqw4-bpqk-aaaa
Aliases: CVE-2017-7716 |
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. |
Affected by 11 other vulnerabilities. |
|
VCID-wbc6-u6wg-aaan
Aliases: CVE-2017-6319 |
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. |
Affected by 11 other vulnerabilities. |
|
VCID-xc7f-jgr4-aaad
Aliases: CVE-2017-6387 |
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. |
Affected by 10 other vulnerabilities. |
|
VCID-xy1j-6hsu-aaam
Aliases: CVE-2017-16357 |
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. |
Affected by 11 other vulnerabilities. |
|
VCID-yndh-cmqg-aaah
Aliases: CVE-2017-7946 |
The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. |
Affected by 11 other vulnerabilities. |
|
VCID-yr5c-rt4u-aaab
Aliases: CVE-2017-15932 |
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|