pancake

68 exploits, active since Feb 2017
CVE-2018-11384 MEDIUM WRITEUP
Radare2 - Out-of-Bounds Read
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
CVSS 5.5
CVE-2018-12320 HIGH WRITEUP
radare2 <2.6.0 - Use After Free
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
CVSS 7.8
CVE-2018-12321 HIGH WRITEUP
radare2 <2.6.0 - Info Disclosure
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.
CVSS 7.8
CVE-2018-12322 MEDIUM WRITEUP
radare2 <2.6.0 - Info Disclosure
There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.
CVSS 5.5
CVE-2018-20458 MEDIUM WRITEUP
Radare2 < 3.1.1 - Out-of-Bounds Read
In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.
CVSS 5.5
CVE-2018-20460 MEDIUM WRITEUP
Radare2 < 3.1.2 - Out-of-Bounds Write
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.
CVSS 5.5
CVE-2019-16718 HIGH WRITEUP
radare2 <3.9.0 - Command Injection
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.
CVSS 7.8
CVE-2021-32494 CRITICAL WRITEUP
Radare2 - Divide By Zero
Radare2 has a division by zero vulnerability in the Mach-O parser's rebase_buffer function. This allows attackers to create malicious inputs that can cause denial of service.
CVSS 10.0
CVE-2021-32495 CRITICAL WRITEUP
Radare2 - Use After Free
Radare2 has a use-after-free vulnerability in the pyc parser's get_none_object function. An attacker can read freed memory afterwards. This will allow attackers to cause denial of service.
CVSS 10.0
CVE-2021-32613 MEDIUM WRITEUP
Radare2 < 5.3.0 - Use After Free
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parser via a crafted file, which can lead to DoS.
CVSS 5.5
CVE-2022-0419 MEDIUM WRITEUP
radare2 <5.6.0 - NULL Pointer Dereference
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVSS 5.5
CVE-2022-0476 MEDIUM WRITEUP
radare2 <5.6.4 - DoS
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS 5.5
CVE-2022-0559 CRITICAL WRITEUP
radareorg/radare2 <5.6.2 - Use After Free
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVSS 9.8
CVE-2022-0676 HIGH WRITEUP
radareorg/radare2 <5.6.4 - Buffer Overflow
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS 7.8
CVE-2022-0695 MEDIUM WRITEUP
radare2 <5.6.4 - DoS
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS 5.5
CVE-2022-0712 MEDIUM WRITEUP
radare2 <5.6.4 - NULL Pointer Dereference
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS 5.5
CVE-2022-0713 HIGH WRITEUP
radare2 <5.6.4 - Buffer Overflow
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS 7.1
CVE-2022-1031 HIGH WRITEUP
Radare2 < 5.6.6 - Use After Free
Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.
CVSS 7.8
CVE-2022-1052 MEDIUM WRITEUP
Radare2 < 5.6.6 - Out-of-Bounds Write
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
CVSS 5.5
CVE-2022-1207 MEDIUM WRITEUP
Radare2 < 5.6.8 - Out-of-Bounds Read
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
CVSS 6.6
CVE-2022-1237 HIGH WRITEUP
Radare2 < 5.6.8 - Improper Array Index Validation
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVSS 7.8
CVE-2022-1238 HIGH WRITEUP
Radare2 < 5.6.8 - Out-of-Bounds Write
Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVSS 7.8
CVE-2022-1240 HIGH WRITEUP
Radare2 < 5.6.6 - Out-of-Bounds Write
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during compilation, the program should execute into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVSS 7.8
CVE-2022-1244 MEDIUM WRITEUP
Radare2 < 5.6.8 - Heap Buffer Overflow
Heap buffer overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
CVSS 5.5
CVE-2022-1297 CRITICAL WRITEUP
Radare2 < 5.6.8 - Out-of-Bounds Read
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVSS 9.1