All errata/sisyphus/ALT-PU-2024-4821-2
ALT-PU-2024-4821-2

Package update radare2 in branch sisyphus

Version5.9.0-alt1
Task#344102
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (7)

CVE-2023-4322
CRITICAL9.8

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Published: 2023-08-14Modified: 2024-11-21
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-46569
CRITICAL9.8

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.

Published: 2023-10-28Modified: 2024-11-21
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-46570
CRITICAL9.8

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.

Published: 2023-10-28Modified: 2024-11-21
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-47016
HIGH7.5

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

Published: 2023-11-22Modified: 2024-11-21
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2023-5686
HIGH8.8

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Published: 2023-10-20Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2024-29646
CRITICAL9.8

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

Published: 2024-12-17Modified: 2025-06-17
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References