Radare2
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Radare2.
By the Year
In 2025 there have been 11 vulnerabilities in Radare2 with an average score of 3.9 out of ten. Last year, in 2024 Radare2 had 5 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 1.60
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 11 | 3.90 |
| 2024 | 5 | 5.50 |
| 2023 | 16 | 8.01 |
| 2022 | 48 | 6.95 |
| 2021 | 2 | 6.50 |
| 2020 | 1 | 9.60 |
| 2019 | 8 | 7.48 |
| 2018 | 31 | 5.72 |
It may take a day or so for new Radare2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Radare2 Security Vulnerabilities
A vulnerability was found in Radare2 5.9.9 and classified as problematic
CVE-2025-5647
2.5 - Low
- June 05, 2025
A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
A vulnerability was found in Radare2 5.9.9
CVE-2025-5648
2.5 - Low
- June 05, 2025
A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9
CVE-2025-5645
2.5 - Low
- June 05, 2025
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
A vulnerability has been found in Radare2 5.9.9 and classified as problematic
CVE-2025-5646
2.5 - Low
- June 05, 2025
A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
A vulnerability was found in Radare2 5.9.9
CVE-2025-5641
2.5 - Low
- June 05, 2025
A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.
Buffer Overflow
A vulnerability classified as problematic has been found in Radare2 5.9.9
CVE-2025-5642
2.5 - Low
- June 05, 2025
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
A vulnerability classified as problematic was found in Radare2 5.9.9
CVE-2025-5643
2.5 - Low
- June 05, 2025
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9
CVE-2025-5644
2.5 - Low
- June 05, 2025
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Buffer Overflow
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2
CVE-2025-1864
9.8 - Critical
- March 03, 2025
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.
Classic Buffer Overflow
Out-of-bounds Write vulnerability in radareorg radare2
CVE-2025-1744
9.8 - Critical
- February 28, 2025
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.
A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286
CVE-2025-1378
3.3 - Low
- February 17, 2025
A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.
Buffer Overflow
radare2 Buffer Overflow Vulnerability in Name, Type, or Group Fields
CVE-2024-29646
- December 17, 2024
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.
Radare2 Command Injection Vulnerability in Pebble Application File Handling
CVE-2024-11858
- December 15, 2024
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing?
radare2 v.5.8.8 Buffer Overflow Vulnerability in parse_die Function
CVE-2024-29645
- December 02, 2024
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.
An issue in radare2 v5.8.0 through v5.9.4
CVE-2024-48241
- October 30, 2024
An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8
CVE-2024-26475
5.5 - Medium
- March 14, 2024
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
NULL Pointer Dereference
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c
CVE-2023-47016
7.5 - High
- November 22, 2023
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.
Memory Corruption
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
CVE-2023-46569
9.8 - Critical
- October 28, 2023
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
Out-of-bounds Read
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
CVE-2023-46570
9.8 - Critical
- October 28, 2023
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
Out-of-bounds Read
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVE-2023-5686
8.8 - High
- October 20, 2023
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
Memory Corruption
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
CVE-2022-28068
7.5 - High
- August 22, 2023
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
Memory Corruption
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
CVE-2022-28069
7.5 - High
- August 22, 2023
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
Memory Corruption
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
CVE-2022-28070
7.5 - High
- August 22, 2023
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
NULL Pointer Dereference
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
CVE-2022-28071
7.5 - High
- August 22, 2023
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
Dangling pointer
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
CVE-2022-28072
7.5 - High
- August 22, 2023
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
Memory Corruption
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
CVE-2022-28073
7.5 - High
- August 22, 2023
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
Dangling pointer
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVE-2023-4322
9.8 - Critical
- August 14, 2023
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
Memory Corruption
Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function
CVE-2021-32494
7.5 - High
- July 07, 2023
Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.
Divide By Zero
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function
CVE-2021-32495
9.1 - Critical
- July 07, 2023
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.
Dangling pointer
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
CVE-2023-1605
7.5 - High
- March 23, 2023
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
Resource Exhaustion
radare2 v5.8.3 was discovered to contain a segmentation fault
CVE-2023-27114
5.5 - Medium
- March 10, 2023
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
NULL Pointer Dereference
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
CVE-2023-0302
7.8 - High
- January 15, 2023
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
Injection
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
CVE-2022-4843
7.5 - High
- December 29, 2022
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
NULL Pointer Dereference
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
CVE-2022-4398
7.8 - High
- December 10, 2022
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
Integer Overflow or Wraparound
An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c
CVE-2020-27793
7.5 - High
- August 19, 2022
An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.
off-by-five
A segmentation fault was discovered in radare2 with adf command
CVE-2020-27795
7.5 - High
- August 19, 2022
A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).
Use of Uninitialized Resource
A double free issue was discovered in radare2 in cmd_info.c:cmd_info()
CVE-2020-27794
9.1 - Critical
- August 19, 2022
A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.
Double-free
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c
CVE-2022-34502
5.5 - Medium
- July 22, 2022
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
Memory Corruption
Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c
CVE-2022-34520
5.5 - Medium
- July 22, 2022
Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.
NULL Pointer Dereference
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-1899
9.1 - Critical
- May 26, 2022
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
Out-of-bounds Read
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference
CVE-2021-44974
5.5 - Medium
- May 25, 2022
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
NULL Pointer Dereference
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow
CVE-2021-44975
5.5 - Medium
- May 24, 2022
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.
Buffer Overflow
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-1809
7.8 - High
- May 21, 2022
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
Access of Uninitialized Pointer
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0
CVE-2022-1714
7.1 - High
- May 13, 2022
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
Out-of-bounds Read
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0
CVE-2022-1649
5.5 - Medium
- May 10, 2022
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).
NULL Pointer Dereference
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0
CVE-2022-1452
7.1 - High
- April 24, 2022
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
Out-of-bounds Read
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0
CVE-2022-1451
7.1 - High
- April 24, 2022
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
Out-of-bounds Read
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0
CVE-2022-1444
5.5 - Medium
- April 23, 2022
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
Dangling pointer
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0
CVE-2022-1437
7.1 - High
- April 22, 2022
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
Memory Corruption
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8
CVE-2022-1382
5.5 - Medium
- April 18, 2022
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.
NULL Pointer Dereference
