Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.
The vulnerability classified as CWE-787 (Out-of-bounds Write) involves Radare2 improperly managing heap memory during input data processing. An attacker can provide a specially crafted file or input that triggers a write or read outside the allocated buffer area. This error can lead to both heap-based buffer over-read and classic heap buffer overflow.
An attacker can cause arbitrary code execution (RCE), application crash, or other unpredictable consequences resulting from memory corruption, potentially taking control of the system running Radare2.
Radare2 should be updated to version 5.9.9 or newer. Patch details are available in the project references: https://github.com/radareorg/radare2/pull/23969
Radare2 (radareorg/radare2) in all versions before 5.9.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XRadare Radare2
APPRadare≤ 5.9.8
Related vulnerabilities
Buffer overflow w radare2 — przepełnienie bufora pamięci (CVSS 10.0)
Buffer Overflow w Radare2 umożliwiający wykonanie dowolnego kodu (RCE)
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds...
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/n...
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.