pancake

71 exploits Active since Feb 2017
CVE-2022-1240 WRITEUP HIGH WRITEUP
radare2 < 5.6.6 - Heap-based Buffer Overflow in mach0.c
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVSS 7.8
CVE-2022-1244 WRITEUP MEDIUM WRITEUP
radare2 < 5.6.8 - Heap-based Buffer Overflow
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
CVSS 5.5
CVE-2022-1297 WRITEUP CRITICAL WRITEUP
radare2 < 5.6.8 - Out-of-bounds Read in r_bin_ne_get_entrypoints
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVSS 9.1
CVE-2022-4398 WRITEUP HIGH WRITEUP
radareorg/radare2 <5.8.0 - Memory Corruption
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
CVSS 7.8
CVE-2022-4843 WRITEUP HIGH WRITEUP
radare2 <5.8.2 - NULL Pointer Dereference
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
CVSS 7.5
CVE-2023-0302 WRITEUP HIGH WRITEUP
radare2 < 5.8.2 - Command Injection via Unsanitized Special Elements
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
CVSS 7.8
CVE-2023-27114 WRITEUP MEDIUM WRITEUP
radare2 5.8.3 - Denial of Service via wasm_dis Component
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
CVSS 5.5
CVE-2023-4322 WRITEUP CRITICAL WRITEUP
radareorg/radare2 <5.9.0 - Buffer Overflow
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVSS 9.8
CVE-2023-47016 WRITEUP HIGH WRITEUP
radare2 < 5.9.0 - Out-of-bounds Write in r_bin_object_set_items
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.
CVSS 7.5
CVE-2023-5686 WRITEUP HIGH WRITEUP
radare2 < 5.9.0 - Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVSS 8.8
CVE-2024-53256 WRITEUP HIGH WRITEUP
rizin < 0.7.4 - OS Command Injection via Malicious Binary bclass Execution
Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4.
CVSS 7.8
CVE-2025-5641 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Memory Corruption in radiff2 via -T Argument
A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.
CVSS 2.5
CVE-2025-5642 WRITEUP LOW WRITEUP
radare2 5.9.9 - Memory Corruption in radiff2 r_cons_pal_init
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-5643 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Memory Corruption in radiff2 via -T Argument
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-5644 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Use-After-Free in r_cons_flush via -T Argument
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-5645 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Memory Corruption in radiff2 via -T Argument
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-5646 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Memory Corruption in r_cons_rainbow_free via -T Argument
A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-5647 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Memory Corruption in radiff2 via -T Argument
A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-5648 WRITEUP LOW WRITEUP
Radare2 5.9.9 - Memory Corruption in r_cons_pal_init via -T Argument
A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
CVSS 2.5
CVE-2025-63744 WRITEUP MEDIUM WRITEUP
radare2 < 6.0.5 - NULL Pointer Dereference in bin_dyldcache load() Function
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.
CVSS 4.3
CVE-2025-63745 WRITEUP MEDIUM WRITEUP
radare2 < 6.0.5 - Denial of Service via NULL Pointer Dereference in bin_ne.c info()
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.
CVSS 5.5