Information on source package radare2

Available versions

ReleaseVersion
jessie0.9.6-3.1+deb8u1
stretch1.1.0+dfsg-5
buster2.4.0+dfsg-1
sid2.6.0+dfsg-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-8810vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 2.4.0, there is a heap-based buffer over-read in the ...
CVE-2018-8809vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 2.4.0, there is a heap-based buffer over-read in the ...
CVE-2018-8808vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 2.4.0, there is a heap-based buffer over-read in the ...
CVE-2018-12322vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a heap out of bounds read in radare2 2.6.0 in _6502_op() in ...
CVE-2018-12321vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a heap out of bounds read in radare2 2.6.0 in java_switch_op() ...
CVE-2018-12320vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a use after free in radare2 2.6.0 in r_anal_bb_free() in ...
CVE-2018-11384vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe sh_op() function in radare2 2.5.0 allows remote attackers to cause ...
CVE-2018-11383vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe r_strbuf_fini() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11381vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe string_scan_range() function in radare2 2.5.0 allows remote ...
CVE-2018-11380vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe parse_import_ptr() function in radare2 2.5.0 allows remote ...
CVE-2018-11379vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe get_debug_info() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11378fixedfixedvulnerablevulnerableThe wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ...
CVE-2018-11377vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe avr_op_analyze() function in radare2 2.5.0 allows remote attackers ...
CVE-2018-11376vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe r_read_le32() function in radare2 2.5.0 allows remote attackers to ...
CVE-2018-10187vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 2.5.0, there is a heap-based buffer over-read in the ...
CVE-2018-10186vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn radare2 2.5.0, there is a heap-based buffer over-read in the ...
CVE-2017-9949vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...
CVE-2017-9763vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe grub_ext2_read_block function in fs/ext2.c in GNU GRUB before ...
CVE-2017-9762vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...
CVE-2017-9761vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote ...
CVE-2017-9520vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe r_config_set function in libr/config/config.c in radare2 1.5.0 ...
CVE-2017-7946vulnerable (no DSA)fixedfixedfixedThe get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...
CVE-2017-6448vulnerable (no DSA)fixedfixedfixedThe dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...
CVE-2017-6197vulnerable (no DSA)fixedfixedfixedThe r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 ...
CVE-2017-16805vulnerable (no DSA)vulnerable (no DSA)fixedfixedIn radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...
CVE-2017-16359fixedvulnerable (no DSA)fixedfixedIn radare 2.0.1, a pointer wraparound vulnerability exists in ...
CVE-2017-16357fixedvulnerable (no DSA)fixedfixedIn radare 2.0.1, a memory corruption vulnerability exists in ...
CVE-2017-15932fixedvulnerable (no DSA)fixedfixedIn radare2 2.0.1, an integer exception (negative number leading to an ...
CVE-2017-15931fixedvulnerable (no DSA)fixedfixedIn radare2 2.0.1, an integer exception (negative number leading to an ...
CVE-2017-15385fixedvulnerable (no DSA)fixedfixedThe store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...
CVE-2017-10929vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...
CVE-2015-2305vulnerable (no DSA)fixedfixedfixedInteger overflow in the regcomp implementation in the Henry Spencer ...

Resolved issues

BugDescription
CVE-2018-11382The _inst__sts() function in radare2 2.5.0 allows remote attackers to ...
CVE-2018-11375The _inst__lds() function in radare2 2.5.0 allows remote attackers to ...
CVE-2017-7854The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...
CVE-2017-7716The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 ...
CVE-2017-7274The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...
CVE-2017-6415The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...
CVE-2017-6387The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 ...
CVE-2017-6319The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...
CVE-2017-6194The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows ...
CVE-2017-16358In radare 2.0.1, an out-of-bounds read vulnerability exists in ...
CVE-2017-15368The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 ...

Security announcements

DSA / DLADescription
DLA-1016-1radare2 - security update
DLA-901-1radare2 - security update
DLA-837-1radare2 - security update

Search for package or bug name: Reporting problems