{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/radare2-6.1.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-8695"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["radare2 (6.1.5)"],"_cs_severities":["high"],"_cs_tags":["use-after-free","memory-corruption","gdb","debugging"],"_cs_type":"advisory","_cs_vendors":["radare"],"content_html":"\u003cp\u003eradare2 is a reverse engineering and binary analysis framework. Version 6.1.5 contains a use-after-free vulnerability (CVE-2026-8695) within the \u003ccode\u003egdbr_threads_list()\u003c/code\u003e function. This flaw can be exploited by remote attackers via GDB remote debugging. By sending a specially crafted sequence of GDB thread information requests, namely a valid \u003ccode\u003eqfThreadInfo\u003c/code\u003e followed by a malformed \u003ccode\u003eqsThreadInfo\u003c/code\u003e request, an attacker can trigger memory corruption. Successful exploitation could lead to a denial-of-service condition or potentially arbitrary code execution. 
This vulnerability poses a risk to systems where radare2 is used for debugging or analysis of potentially untrusted binaries.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker establishes a GDB remote debugging connection to the target radare2 instance.\u003c/li\u003e\n\u003cli\u003eAttacker sends a valid \u003ccode\u003eqfThreadInfo\u003c/code\u003e request to initiate thread list retrieval.\u003c/li\u003e\n\u003cli\u003eThe radare2 instance processes the \u003ccode\u003eqfThreadInfo\u003c/code\u003e request and prepares the initial thread list.\u003c/li\u003e\n\u003cli\u003eAttacker sends a malformed \u003ccode\u003eqsThreadInfo\u003c/code\u003e request as a continuation of thread list retrieval.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003egdbr_threads_list()\u003c/code\u003e function attempts to process the malformed \u003ccode\u003eqsThreadInfo\u003c/code\u003e response.\u003c/li\u003e\n\u003cli\u003eDue to the malformed data, the function accesses a previously freed memory location.\u003c/li\u003e\n\u003cli\u003eThis use-after-free condition triggers memory corruption.\u003c/li\u003e\n\u003cli\u003eDepending on the memory layout and attacker-controlled data, this can lead to a denial of service (application crash) or potentially code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8695 can result in a denial-of-service condition, where the radare2 application crashes, interrupting debugging or analysis tasks. In more sophisticated scenarios, attackers could potentially achieve arbitrary code execution by carefully manipulating the memory corruption caused by the use-after-free vulnerability. 
The impact is greatest in environments where radare2 is used to analyze potentially malicious binaries, as the attacker could leverage this vulnerability to compromise the analysis system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a version of radare2 that patches CVE-2026-8695.\u003c/li\u003e\n\u003cli\u003eMonitor network connections for unusual GDB debugging traffic using the \u003ccode\u003eDetect Malformed GDB Thread Info Request\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eConsider restricting access to GDB debugging interfaces to trusted networks or users.\u003c/li\u003e\n\u003cli\u003eReview the provided references (especially the VulnCheck advisory) for more context on the exploitation details for CVE-2026-8695.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-15T17:19:37Z","date_published":"2026-05-15T17:19:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-radare2-uaf/","summary":"radare2 version 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function, allowing remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response, potentially leading to denial of service or code execution through GDB remote debugging (CVE-2026-8695).","title":"radare2 Use-After-Free Vulnerability in gdbr_threads_list() Function (CVE-2026-8695)","url":"https://feed.craftedsignal.io/briefs/2026-05-radare2-uaf/"}],"language":"en","title":"CraftedSignal Threat Feed — Radare2 (6.1.5)","version":"https://jsonfeed.org/version/1.1"}