CVE-2023-4322

CRITICAL

radareorg/radare2 <5.9.0 - Buffer Overflow

Title source: llm

Description

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

References (4)

[Patch] https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd

View Patch ZIP pw:eip

[Exploit, Patch, Third Party Advisory] https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/

Scores

CVSS v3 9.8

EPSS 0.0030

EPSS Percentile 52.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-122 CWE-787

Status published

Affected Products (3)

radare/radare2 < 5.8.8

fedoraproject/fedora

fedoraproject/fedora

Timeline

Published Aug 14, 2023

Tracked Since Feb 18, 2026