Threat Feed

Tag

Radare2

4 briefs
high advisory

Radare2 Use-After-Free Vulnerability in GDB Client (CVE-2026-8696)

Radare2 version 6.1.5 contains a use-after-free vulnerability (CVE-2026-8696) in the gdbr_pids_list() function, allowing remote attackers to cause a denial of service or potentially execute arbitrary code via malformed thread information responses.

radare2 6.1.5 use-after-free denial-of-service radare2
high advisory

Radare2 Path Traversal Vulnerability in Project Deletion

Radare2 versions prior to 6.1.4 are vulnerable to a path traversal in project deletion, allowing local attackers to recursively delete arbitrary directories by escaping the 'dir.projects' root, leading to integrity and availability loss.

radare2 path-traversal local-privilege-escalation
high advisory

Radare2 Command Injection Vulnerability (CVE-2026-41015)

Radare2 before commit 9236f44, when configured on UNIX without SSL, is vulnerable to command injection via a PDB name passed to rabin2 -PP, potentially allowing arbitrary code execution.

radare2 command-injection cve-2026-41015 linux
high advisory

radare2 PDB Parser Command Injection Vulnerability (CVE-2026-40517)

A command injection vulnerability exists in radare2 versions prior to 6.1.4, where a crafted PDB file with newline characters in symbol names can inject arbitrary radare2 commands, leading to arbitrary OS command execution.

radare2 command-injection CVE-2026-40517