CVE-2024-26475

MEDIUM

radare2 0.9.7-5.8.6 - Denial of Service via grub_sfs_read_extent Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-26475. PoCs published by TronciuVlad.

AI-analyzed exploit summary The repository provides a detailed analysis and patch for CVE-2024-26475, a NULL pointer dereference vulnerability in radare2's grub_sfs_read_extent function, which can lead to a denial of service. The fix involves adding a check for the allocation state of grub_malloc.

Description

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.

Exploits (1)

nomisec WRITEUP 1 stars

by TronciuVlad · poc

https://github.com/TronciuVlad/CVE-2024-26475

View Code ZIP pw:eip

The repository provides a detailed analysis and patch for CVE-2024-26475, a NULL pointer dereference vulnerability in radare2's grub_sfs_read_extent function, which can lead to a denial of service. The fix involves adding a check for the allocation state of grub_malloc.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: radare2 v.0.9.7 through v.5.8.6

No auth needed

Prerequisites: Local access to the system running radare2

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Patch, Third Party Advisory

https://github.com/TronciuVlad/CVE-2024-26475

Scores

CVSS v3 5.5

EPSS 0.0027

EPSS Percentile 19.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

radare/radare2 0.9.7 - 5.8.8

Published Mar 14, 2024

Tracked Since Feb 18, 2026