oval:org.secpod.oval:def:2000443 In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef in libr/bin/format/elf/elf.c.
oval:org.secpod.oval:def:2001472 In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service by crafting an input file.
oval:org.secpod.oval:def:2001613 In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service by crafting an input file, a related issue to CVE-2018-20456.
oval:org.secpod.oval:def:2000155 In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.
oval:org.secpod.oval:def:2000729 In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef and store_versioninfo_gnu_verneed in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
oval:org.secpod.oval:def:2000201 The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
oval:org.secpod.oval:def:1900417 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file.
oval:org.secpod.oval:def:2000359 The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
oval:org.secpod.oval:def:704550 radare2 is installed
oval:org.secpod.oval:def:115764 radare2 is installed
oval:org.secpod.oval:def:2001376 There is a use after free in radare2 2.6.0 in r_anal_bb_free in libr/anal/bb.c via a crafted Java binary file.
oval:org.secpod.oval:def:2000214 The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
oval:org.secpod.oval:def:2000178 In radare2 2.0.1, an integer exception exists in store_versioninfo_gnu_verdef in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
oval:org.secpod.oval:def:2001424 opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2.
oval:org.secpod.oval:def:2000170 The avr_op_analyze function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted binary file.
oval:org.secpod.oval:def:1900668 getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2.
oval:org.secpod.oval:def:2000609 In radare2 2.0.1, an integer exception exists in store_versioninfo_gnu_verneed in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
oval:org.secpod.oval:def:2000768 In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service by crafting an input file, a related issue to CVE-2018-20455.
oval:org.secpod.oval:def:2000403 In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459 ...
oval:org.secpod.oval:def:2001077 The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
oval:org.secpod.oval:def:2000962 The r_read_le32 function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file.
oval:org.secpod.oval:def:2001078 The parse_import_ptr function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted Mach-O file.
oval:org.secpod.oval:def:2000181 In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service by crafting an input file.
oval:org.secpod.oval:def:2000217 In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.
oval:org.secpod.oval:def:2000734 The sh_op function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file.
oval:org.secpod.oval:def:2001461 In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.
oval:org.secpod.oval:def:2000532 There is a heap out of bounds read in radare2 2.6.0 in _6502_op in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.
oval:org.secpod.oval:def:2001343 There is a heap out of bounds read in radare2 2.6.0 in java_switch_op in libr/anal/p/anal_java.c via a crafted Java binary file.
oval:org.secpod.oval:def:2000276 In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.
oval:org.secpod.oval:def:2000353 The string_scan_range function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted binary file.
oval:org.secpod.oval:def:2000991 In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service by crafting a binary file.
oval:org.secpod.oval:def:2000900 In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.
oval:org.secpod.oval:def:2001450 getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2.
oval:org.secpod.oval:def:2000985 The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted Mini Crash Dump file.
oval:org.secpod.oval:def:2000200 The get_debug_info function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted PE file.
oval:org.secpod.oval:def:2001486 In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.
oval:org.secpod.oval:def:1801643 radare2 is installed
oval:org.secpod.oval:def:121738 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...
oval:org.secpod.oval:def:120774 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...
oval:org.secpod.oval:def:120776 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...
oval:org.secpod.oval:def:117195 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...
oval:org.secpod.oval:def:116900 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...
oval:org.secpod.oval:def:1900186 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
oval:org.secpod.oval:def:2000035 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02 ...
oval:org.secpod.oval:def:1900389 The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service via a crafted binary file, related to use of a variable-size stack array.
oval:org.secpod.oval:def:1900423 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service via a crafted DEX file.
oval:org.secpod.oval:def:1900397 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.
oval:org.secpod.oval:def:2000340 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.
oval:org.secpod.oval:def:2000773 The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file.
oval:org.secpod.oval:def:1900442 The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service via a crafted DEX file.
oval:org.secpod.oval:def:1900373 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file.
oval:org.secpod.oval:def:1900379 The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file.
oval:org.secpod.oval:def:2000656 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file.
oval:org.secpod.oval:def:1900925 The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Web Assembly file.
oval:org.secpod.oval:def:1900855 The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Mach0 file.
oval:org.secpod.oval:def:1900898 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file.
oval:org.secpod.oval:def:2000723 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted DEX file.
oval:org.secpod.oval:def:1901131 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted DEX file.
oval:org.secpod.oval:def:1901063 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service via a crafted binary file, as demonstrated by the r_read_le32 function.
oval:org.secpod.oval:def:2001213 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
oval:org.secpod.oval:def:1901734 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
oval:org.secpod.oval:def:2000654 In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018 ...
oval:org.secpod.oval:def:126462 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...
oval:org.secpod.oval:def:126463 The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and functi ...