Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-8696

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-15 May, 2026 | 20:52
Updated At-19 May, 2026 | 12:30
Rejected At-
Credits

radare2 6.1.5 Use-After-Free via gdbr_pids_list()

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:15 May, 2026 | 20:52
Updated At:19 May, 2026 | 12:30
Rejected At:
â–¼CVE Numbering Authority (CNA)
radare2 6.1.5 Use-After-Free via gdbr_pids_list()

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.

Affected Products
Vendor
Radare2 (r2)radare2
Product
radare2
Default Status
affected
Versions
Affected
  • 6.1.5 (semver)
Unaffected
  • c213ad6894a1eb9086ac8bf5fae35757e9e1683c (git)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Saad Elharaj
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/radareorg/radare2/issues/25836
issue-tracking
https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
patch
https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-list
third-party-advisory
Hyperlink: https://github.com/radareorg/radare2/issues/25836
Resource:
issue-tracking
Hyperlink: https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-list
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/radareorg/radare2/issues/25836
exploit
Hyperlink: https://github.com/radareorg/radare2/issues/25836
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:15 May, 2026 | 21:16
Updated At:19 May, 2026 | 14:16

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Radare2 (r2)
radare
>>radare2>>Versions up to 6.1.4(inclusive)
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarydisclosure@vulncheck.com
CWE ID: CWE-416
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683cdisclosure@vulncheck.com
Patch
https://github.com/radareorg/radare2/issues/25836disclosure@vulncheck.com
Exploit
Issue Tracking
https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-listdisclosure@vulncheck.com
Third Party Advisory
https://github.com/radareorg/radare2/issues/25836134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Hyperlink: https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
Source: disclosure@vulncheck.com
Resource:
Patch
Hyperlink: https://github.com/radareorg/radare2/issues/25836
Source: disclosure@vulncheck.com
Resource:
Exploit
Issue Tracking
Hyperlink: https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-list
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/radareorg/radare2/issues/25836
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

579Records found

CVE-2026-8695
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.63% / 45.62%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 17:01
Updated-18 May, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
radare2 6.1.5 Use-After-Free via gdbr_threads_list()

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radare2
CWE ID-CWE-416
Use After Free
CVE-2022-28071
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2022-28073
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.40%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2022-0559
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.24% / 65.62%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 10:15
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in radareorg/radare2

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2022-0139
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-1.23% / 65.21%
||
7 Day CHG+0.02%
Published-08 Feb, 2022 | 18:40
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in radareorg/radare2

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2026-6942
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.92% / 77.42%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 20:58
Updated-23 Jun, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mcp without requiring authentication.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2_mcp_serverradare2-mcp
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-1864
Matching Score-8
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-8
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-10||CRITICAL
EPSS-0.45% / 35.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 08:15
Updated-01 Jul, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow and Potential Code Execution in Radare2

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radare2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-1744
Matching Score-8
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-8
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-10||CRITICAL
EPSS-0.47% / 37.20%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 03:24
Updated-01 Jul, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in radare2

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radare2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28070
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-28072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.51%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-29646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 55.00%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 00:00
Updated-17 Jun, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46569
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 55.62%
||
7 Day CHG~0.00%
Published-28 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-46570
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 55.13%
||
7 Day CHG~0.00%
Published-28 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-4021
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.49%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:50
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2radare2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2023-47016
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 63.99%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 00:00
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4322
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.93% / 56.09%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 15:27
Updated-03 Jul, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in radareorg/radare2

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Action-Not Available
Vendor-Radare2 (r2)Fedora Project
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3673
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-1.80% / 75.81%
||
7 Day CHG+0.03%
Published-02 Aug, 2021 | 18:09
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.

Action-Not Available
Vendor-n/aFedora ProjectRadare2 (r2)
Product-fedoraradare2radare2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-32494
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-10||CRITICAL
EPSS-0.70% / 48.66%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 18:20
Updated-12 Nov, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radare2
CWE ID-CWE-369
Divide By Zero
CVE-2023-1605
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.27%
||
7 Day CHG-0.01%
Published-23 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in radareorg/radare2

Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-28069
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.74%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-4843
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.4||MEDIUM
EPSS-0.70% / 48.57%
||
7 Day CHG~0.00%
Published-29 Dec, 2022 | 00:00
Updated-09 Apr, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in radareorg/radare2

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1061
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.94% / 56.72%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 09:20
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Buffer Overflow in parseDragons in radareorg/radare2

Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.48%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27795
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.45%
||
7 Day CHG~0.00%
Published-19 Aug, 2022 | 22:36
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2radare2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-27793
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.92% / 55.83%
||
7 Day CHG~0.00%
Published-19 Aug, 2022 | 22:43
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2radare2
CWE ID-CWE-193
Off-by-one Error
CVE-2020-24133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.63% / 83.63%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 21:18
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2-extrasn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-17487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 76.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:43
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

Action-Not Available
Vendor-n/aFedora ProjectRadare2 (r2)
Product-fedoraradare2n/a
CVE-2019-12802
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.59% / 72.68%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 20:58
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).

Action-Not Available
Vendor-n/aFedora ProjectRadare2 (r2)
Product-fedoraradare2n/a
CWE ID-CWE-416
Use After Free
CVE-2022-1444
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2022 | 21:20
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap-use-after-free in radareorg/radare2

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2022-1031
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.98% / 57.86%
||
7 Day CHG~0.00%
Published-22 Mar, 2022 | 19:40
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in op_is_set_bp in radareorg/radare2

Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2022-1284
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.80% / 52.02%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 18:45
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap-use-after-free in radareorg/radare2

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2022-0523
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.57%
||
7 Day CHG+0.02%
Published-08 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in radareorg/radare2

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2022-0849
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.65% / 46.65%
||
7 Day CHG~0.00%
Published-05 Mar, 2022 | 09:30
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in r_reg_get_name_idx in radareorg/radare2

Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2018-12320
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.02% / 59.21%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2017-9520
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.07% / 60.75%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2021-32613
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-1.16% / 63.33%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 12:11
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.

Action-Not Available
Vendor-n/aFedora ProjectRadare2 (r2)
Product-fedoraradare2radare2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-415
Double Free
CVE-2021-32495
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-10||CRITICAL
EPSS-0.64% / 46.12%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 18:27
Updated-12 Nov, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radare2
CWE ID-CWE-416
Use After Free
CVE-2025-5644
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-2||LOW
EPSS-0.19% / 9.00%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 07:00
Updated-23 Jun, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Radare2 radiff2 cons.c r_cons_flush use after free

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2Radare2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2017-9762
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.00% / 58.47%
||
7 Day CHG~0.00%
Published-19 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2017-7946
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.43%
||
7 Day CHG~0.00%
Published-18 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CVE-2019-19590
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.51% / 82.88%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 01:55
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-0520
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.57%
||
7 Day CHG+0.02%
Published-08 Feb, 2022 | 20:40
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in radareorg/radare2

Use After Free in NPM radare2.js prior to 5.6.2.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2014-1486
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.07% / 93.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2014-1532
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.65% / 90.61%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdenterprise_linux_eusfirefoxubuntu_linuxseamonkeydebian_linuxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedoraopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2025-26623
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.82% / 52.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 19:24
Updated-02 Sep, 2025 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Exiv2

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Exiv2
Product-exiv2exiv2
CWE ID-CWE-416
Use After Free
CVE-2025-25568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 41.61%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 00:00
Updated-19 Jul, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack).

Action-Not Available
Vendor-softethern/a
Product-vpnn/a
CWE ID-CWE-416
Use After Free
CVE-2026-9158
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-5.2||MEDIUM
EPSS-0.30% / 22.14%
||
7 Day CHG+0.15%
Published-18 Jun, 2026 | 14:10
Updated-02 Jul, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-4diac_forteEclipse 4diac
CWE ID-CWE-416
Use After Free
CVE-2022-43716
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.95% / 57.03%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:02
Updated-10 Sep, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.

Action-Not Available
Vendor-Siemens AG
Product-siplus_s7-1200_cp_1243-1_railsimatic_ipc_diagbase_firmwaresiplus_tim_1531_ircsimatic_cp_1243-8_irc_firmwaresimatic_cp_1542sp-1_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_cp_1243-1_dnp3simatic_cp_1243-1_iec_firmwaresimatic_cp_1243-1_firmwaresimatic_cp_1243-7_lte_eu_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresiplus_net_cp_443-1_advancedsiplus_net_cp_1242-7_v2_firmwaresimatic_cp_1242-7_v2siplus_net_cp_443-1_advanced_firmwaretim_1531_irctim_1531_irc_firmwaresimatic_cp_443-1siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_cp_1242-7_v2_firmwaresimatic_cp_1243-8_ircsiplus_s7-1200_cp_1243-1_firmwaresimatic_ipc_diagmonitorsiplus_net_cp_1242-7_v2simatic_cp_1543sp-1simatic_cp_443-1_advanced_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_cp_443-1_firmwaresiplus_tim_1531_irc_firmwaresimatic_cp_1243-7_lte_eusiplus_s7-1200_cp_1243-1simatic_cp_1542sp-1_ircsimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecsimatic_cp_1243-1_dnp3_firmwaresimatic_cp_1542sp-1_irc_firmwaresimatic_cp_1543sp-1_firmwaresimatic_cp_1542sp-1siplus_net_cp_443-1siplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_cp_1243-1_iecsimatic_ipc_diagmonitor_firmwaresiplus_net_cp_443-1_firmwaresimatic_cp_1243-7_lte_us_firmwaresimatic_ipc_diagbasesimatic_cp_443-1_advancedsimatic_cp_1243-7_lte_usSIMATIC CP 1542SP-1TIM 1531 IRCSIPLUS ET 200SP CP 1543SP-1 ISECSIMATIC CP 1242-7 V2SIPLUS S7-1200 CP 1243-1SIMATIC CP 1243-8 IRCSIMATIC CP 1543SP-1SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIPLUS TIM 1531 IRCSIPLUS S7-1200 CP 1243-1 RAILSIMATIC CP 443-1 AdvancedSIMATIC CP 1243-1SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)SIPLUS NET CP 443-1 AdvancedSIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSIMATIC CP 1542SP-1 IRCSIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)SIPLUS NET CP 1242-7 V2SIMATIC CP 443-1SIMATIC CP 1243-7 LTE USSIMATIC CP 1243-7 LTE EUSIPLUS NET CP 443-1siplus_s7-1200_cp_1243-1_railsimatic_cp_1543sp-1siplus_tim_1531_ircsiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_cp_1243-1_dnp3siplus_net_cp_443-1_advancedsimatic_cp_1243-7_lte_eusiplus_s7-1200_cp_1243-1simatic_cp_1542sp-1_ircsimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecsimatic_cp_1542sp-1simatic_cp_443-1siplus_net_cp_443-1siplus_et_200sp_cp_1543sp-1_isec_tx_railsimatic_cp_1243-1_iecsimatic_cp_1242-7_gprs_v2simatic_cp_443-1_advancedsiplus_net_cp_1242-7_v2simatic_cp_1243-7_lte_ussimatic_cp_1243-8
CWE ID-CWE-416
Use After Free
CVE-2025-22408
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 29.42%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2022-4379
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.35% / 92.79%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora Project
Product-fedoralinux_kernelLinux kernel
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found