Description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
References (3)
Core References
Issue Tracking: https://github.com/radareorg/radare2/issues/25836
Third Party Advisory: https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-list
Scores
CVSS v3: 7.5
EPSS: 0.0037
EPSS Percentile: 58.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (3)
radare/radare2: < 6.1.4
radare2/radare2: 6.1.5
radare2/radare2: c213ad6894a1eb9086ac8bf5fae35757e9e1683c
Published: May 15, 2026
Tracked Since: May 16, 2026