CRITICAL🇵🇱 Wersja polska

CVE-2024-29646

CVSS 9.8v3.1pub. 2024-12-17upd. 2025-06-17

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

🤖 AI Analysis
How it works

The vulnerability is a buffer overflow error during processing of input data passed in the name, type, or group fields. An attacker can provide specially crafted data to these fields, causing memory areas beyond the intended buffer to be overwritten. This results in the possibility of hijacking program execution flow and running malicious code.

Impact

An attacker can execute arbitrary code on the vulnerable system (RCE), which potentially leads to complete takeover of the machine, violation of confidentiality, integrity, and availability of data and services.

Mitigation & patch

Patches available from the vendor should be applied according to references — fixes were introduced in pull requests #22562, #22567, #22572, and #22578 in the radare2 project GitHub repository. It is recommended to update to a version containing the aforementioned fixes.

Who is affected

Radare2 version 5.8.8

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Radare Radare2

    APP
    Radare
    5.8.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2025-1864CRITICAL10.0PL ✓ten sam produkt

Buffer overflow w radare2 — przepełnienie bufora pamięci (CVSS 10.0)

CVE-2025-1744CRITICAL10.0PL ✓ten sam produkt

Krytyczny Out-of-bounds Write (heap buffer overflow) w Radare2

CVE-2023-46569CRITICAL9.8ten sam produkt

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds...

CVE-2023-46570CRITICAL9.8ten sam produkt

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/n...

CVE-2023-4322CRITICAL9.8ten sam produkt

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.