Information on source package radare2

Available versions

ReleaseVersion
jessie0.9.6-3.1+deb8u1
stretch1.1.0+dfsg-5
buster3.2.1+dfsg-5
bullseye3.2.1+dfsg-5
sid3.2.1+dfsg-5

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-19590vulnerablevulnerablevulnerablevulnerablevulnerableIn radare2 through 4.0, there is an integer overflow for the variable ...
CVE-2019-14745vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 before 3.7.0, a command injection vulnerability exists in b ...
CVE-2019-12865vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...
CVE-2019-12829vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableradare2 through 3.5.1 mishandles the RParse API, which allows remote a ...
CVE-2019-12802vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...
CVE-2019-12790vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 through 3.5.1, there is a heap-based buffer over-read in th ...
CVE-2018-8810vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...
CVE-2018-8809vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn radare2 2.4.0, there is a heap-based buffer over-read in the dalvik ...
CVE-2018-8808vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_ ...
CVE-2018-20461fixedvulnerable (no DSA)fixedfixedfixedIn radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c all ...
CVE-2018-20460fixedvulnerable (no DSA)fixedfixedfixedIn radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch ...
CVE-2018-20459fixedvulnerable (no DSA)fixedfixedfixedIn radare2 through 3.1.3, the armass_assemble function in libr/asm/arc ...
CVE-2018-20458fixedvulnerable (no DSA)fixedfixedfixedIn radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/ ...
CVE-2018-20457fixedvulnerable (no DSA)fixedfixedfixedIn radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_ ...
CVE-2018-20456fixedvulnerable (no DSA)fixedfixedfixedIn radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...
CVE-2018-20455fixedvulnerable (no DSA)fixedfixedfixedIn radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...
CVE-2018-19843fixedvulnerable (no DSA)fixedfixedfixedopmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attack ...
CVE-2018-19842fixedvulnerable (no DSA)fixedfixedfixedgetToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows att ...
CVE-2018-15834fixedvulnerable (no DSA)fixedfixedfixedIn radare2 before 2.9.0, a heap overflow vulnerability exists in the r ...
CVE-2018-14017vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe r_bin_java_annotation_new function in shlr/java/class.c in radare2 ...
CVE-2018-14016vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7. ...
CVE-2018-14015vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote ...
CVE-2018-12322vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThere is a heap out of bounds read in radare2 2.6.0 in _6502_op() in l ...
CVE-2018-12321vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThere is a heap out of bounds read in radare2 2.6.0 in java_switch_op( ...
CVE-2018-12320vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThere is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr ...
CVE-2018-11384vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe sh_op() function in radare2 2.5.0 allows remote attackers to cause ...
CVE-2018-11383vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe r_strbuf_fini() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11381vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe string_scan_range() function in radare2 2.5.0 allows remote attack ...
CVE-2018-11380vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe parse_import_ptr() function in radare2 2.5.0 allows remote attacke ...
CVE-2018-11379vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe get_debug_info() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11377vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe avr_op_analyze() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11376vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe r_read_le32() function in radare2 2.5.0 allows remote attackers to ...
CVE-2018-10187vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn radare2 2.5.0, there is a heap-based buffer over-read in the dalvik ...
CVE-2018-10186vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_ ...
CVE-2017-9949vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...
CVE-2017-9763vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...
CVE-2017-9762vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...
CVE-2017-9761vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remot ...
CVE-2017-9520vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe r_config_set function in libr/config/config.c in radare2 1.5.0 all ...
CVE-2017-7946vulnerable (no DSA)fixedfixedfixedfixedThe get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...
CVE-2017-6448vulnerable (no DSA)fixedfixedfixedfixedThe dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...
CVE-2017-6197vulnerable (no DSA)fixedfixedfixedfixedThe r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 all ...
CVE-2017-16805vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...
CVE-2017-16359fixedvulnerable (no DSA)fixedfixedfixedIn radare 2.0.1, a pointer wraparound vulnerability exists in store_ve ...
CVE-2017-16357fixedvulnerable (no DSA)fixedfixedfixedIn radare 2.0.1, a memory corruption vulnerability exists in store_ver ...
CVE-2017-15932fixedvulnerable (no DSA)fixedfixedfixedIn radare2 2.0.1, an integer exception (negative number leading to an ...
CVE-2017-15931fixedvulnerable (no DSA)fixedfixedfixedIn radare2 2.0.1, an integer exception (negative number leading to an ...
CVE-2017-15385fixedvulnerable (no DSA)fixedfixedfixedThe store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...
CVE-2017-10929vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...
CVE-2015-2305vulnerable (no DSA)fixedfixedfixedfixedInteger overflow in the regcomp implementation in the Henry Spencer BS ...

Resolved issues

BugDescription
CVE-2019-16718In radare2 before 3.9.0, a command injection vulnerability exists in b ...
CVE-2018-11382The _inst__sts() function in radare2 2.5.0 allows remote attackers to ...
CVE-2018-11378The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ha ...
CVE-2018-11375The _inst__lds() function in radare2 2.5.0 allows remote attackers to ...
CVE-2017-7854The consume_init_expr function in wasm.c in radare2 1.3.0 allows remot ...
CVE-2017-7716The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 a ...
CVE-2017-7274The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...
CVE-2017-6415The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...
CVE-2017-6387The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 all ...
CVE-2017-6319The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...
CVE-2017-6194The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...
CVE-2017-16358In radare 2.0.1, an out-of-bounds read vulnerability exists in string_ ...
CVE-2017-15368The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...

Security announcements

DSA / DLADescription
DLA-1016-1radare2 - security update
DLA-901-1radare2 - security update
DLA-837-1radare2 - security update

Search for package or bug name: Reporting problems