CRITICAL🇵🇱 Wersja polska

CVE-2025-1744

CVSS 10.0v4.0pub. 2025-02-28upd. 2025-07-01

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-787 (Out-of-bounds Write) involves Radare2 improperly managing heap memory during input data processing. An attacker can provide a specially crafted file or input that triggers a write or read outside the allocated buffer area. This error can lead to both heap-based buffer over-read and classic heap buffer overflow.

Impact

An attacker can cause arbitrary code execution (RCE), application crash, or other unpredictable consequences resulting from memory corruption, potentially taking control of the system running Radare2.

Mitigation & patch

Radare2 should be updated to version 5.9.9 or newer. Patch details are available in the project references: https://github.com/radareorg/radare2/pull/23969

Who is affected

Radare2 (radareorg/radare2) in all versions before 5.9.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Radare Radare2

    APP
    Radare
    ≤ 5.9.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-1864CRITICAL10.0PL ✓ten sam produkt

Buffer overflow w radare2 — przepełnienie bufora pamięci (CVSS 10.0)

CVE-2024-29646CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Radare2 umożliwiający wykonanie dowolnego kodu (RCE)

CVE-2023-46569CRITICAL9.8ten sam produkt

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds...

CVE-2023-46570CRITICAL9.8ten sam produkt

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/n...

CVE-2023-4322CRITICAL9.8ten sam produkt

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.