CVE 8.7 HIGH

radare2 6.1.5 Use-After-Free via gdbr_pids_list()_CVE-2026-8696

May 15, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.

AI Analysis

Use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core

Basic Information

ID CVE-2026-8696

Source VulnCheck

Published May 15, 2026 at 20:52

Affected Product

Vendor radare2

Product radare2

Version 6.1.5

Affected Versions radare2 radare2 6.1.5

CWE Classification

CWE-416

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor radare2

Product radare2

Version 6.1.5

References

{
    "lastseen": "",
    "description": "radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.",
    "published": "2026-05-15T20:52:32.575Z",
    "modified": "2026-05-15T20:52:32.575Z",
    "type": "cve",
    "title": "radare2 6.1.5 Use-After-Free via gdbr_pids_list()",
    "source": "VulnCheck",
    "references": "https://github.com/radareorg/radare2/issues/25836\nhttps://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c\nhttps://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-list",
    "id": "CVE-2026-8696",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "radare2 radare2 6.1.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "radare2",
    "version": "6.1.5",
    "vendor": "radare2",
    "ai_description": "Use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core",
    "ai_severity": "High",
    "ai_vendor": "radare2",
    "ai_product": "radare2",
    "ai_version": "6.1.5",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply