pancake

71 exploits Active since Feb 2017
CVE-2026-8696 WRITEUP HIGH WRITEUP
radare2 6.1.5 Use-After-Free via gdbr_pids_list()
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
CVSS 7.5
CVE-2026-8695 WRITEUP HIGH WRITEUP
radare2 6.1.5 Use-After-Free via gdbr_threads_list()
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
CVSS 7.5
CVE-2018-11377 WRITEUP MEDIUM WRITEUP
radare2 2.5.0 - Denial of Service via Heap-Based Out-of-Bounds Read in avr_op_analyze()
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVSS 5.5
CVE-2026-6942 WRITEUP CRITICAL WRITEUP
radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mcp without requiring authentication.
CVSS 9.8
CVE-2026-40499 WRITEUP HIGH WRITEUP
radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted section names to inject r2 commands that are executed when the idp command processes the file.
CVSS 7.8
CVE-2026-4174 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Uncontrolled Resource Consumption in Mach-O File Parser
A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. Upgrading to version 6.1.2 is capable of addressing this issue. The name of the patch is 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the affected component. The code maintainer states that, "[he] wont consider this bug a DoS".
CVSS 3.3
CVE-2017-10929 WRITEUP HIGH WRITEUP
radare2 1.5.0 - Heap-Based Buffer Overflow via Crafted Binary File
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
CVSS 7.8
CVE-2017-15368 WRITEUP HIGH WRITEUP
radare2 2.0.0 - Denial of Service via Crafted WASM File in wasm_dis Function
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.
CVSS 7.8
CVE-2017-15385 WRITEUP HIGH WRITEUP
radare2 2.0.0 - Denial of Service via Crafted ELF File
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.
CVSS 7.8
CVE-2017-15931 WRITEUP HIGH WRITEUP
radare2 2.0.1 - Out-of-bounds Read in ELF Version Info Processing
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
CVSS 7.8
CVE-2017-15932 WRITEUP HIGH WRITEUP
radare2 2.0.1 - Out-of-bounds Read in ELF Version Parsing
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
CVSS 7.8
CVE-2017-16358 WRITEUP HIGH WRITEUP
radare2 2.0.1 - Out-of-Bounds Read in string_scan_range()
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
CVSS 7.8
CVE-2017-16805 WRITEUP MEDIUM WRITEUP
radare2 2.0.1 - Denial of Service via Crafted ELF File
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
CVSS 5.5
CVE-2017-6197 WRITEUP MEDIUM WRITEUP
radare2 1.2.1 - Denial of Service via NULL Pointer Dereference in r_read_* Functions
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
CVSS 5.5
CVE-2017-6319 WRITEUP HIGH WRITEUP
radare2 1.2.1 - Buffer Overflow in DEX Debug Item Parser
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
CVSS 7.8
CVE-2017-7854 WRITEUP MEDIUM WRITEUP
radare2 - Denial of Service via Crafted Web Assembly File
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVSS 5.5
CVE-2017-7946 WRITEUP MEDIUM WRITEUP
radare2 1.3.0 - Use-After-Free in Mach0 File Parser
The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.
CVSS 5.5
CVE-2017-9520 WRITEUP MEDIUM WRITEUP
radare2 1.5.0 - Use-After-Free via Crafted DEX File
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
CVSS 5.5
CVE-2017-9761 WRITEUP MEDIUM WRITEUP
radare2 1.5.0 - Denial of Service via Heap-Based Out-of-Bounds Read in find_eoq Function
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVSS 5.5
CVE-2017-9763 WRITEUP HIGH WRITEUP
radare2 1.5.0 - Denial of Service via Crafted Binary File
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
CVSS 7.5
CVE-2017-9949 WRITEUP HIGH WRITEUP
radare2 1.5.0 - Out-of-bounds Write via Crafted Binary File
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.
CVSS 7.8
CVE-2018-11375 WRITEUP MEDIUM WRITEUP
radare2 2.5.0 - Denial of Service via Crafted Binary File
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVSS 5.5
CVE-2018-11377 WRITEUP MEDIUM WRITEUP
radare2 2.5.0 - Denial of Service via Heap-Based Out-of-Bounds Read in avr_op_analyze()
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVSS 5.5
CVE-2018-11378 WRITEUP HIGH WRITEUP
radare2 - Heap-Based Buffer Overflow in wasm_dis() Function
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
CVSS 7.8
CVE-2018-11379 WRITEUP MEDIUM WRITEUP
radare2 2.5.0 - Denial of Service via Crafted PE File in get_debug_info()
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
CVSS 5.5