CVE-2021-32495

CRITICAL

Radare2 - Use After Free

Title source: rule

Description

Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

References (2)

[Patch, Vendor Advisory] https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05

View Patch ZIP pw:eip

[Issue Tracking, Patch, Vendor Advisory] https://github.com/radareorg/radare2/issues/18666

Scores

CVSS v3 10.0

EPSS 0.0030

EPSS Percentile 52.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-416

Status published

Products (1)

radare/radare2 5.3.0

Published Jul 07, 2023

Tracked Since Feb 18, 2026