Radare2 radiff2 cons.c cons_stack_load memory corruption

CVE Details

Basic Information

Title	Radare2 radiff2 cons.c cons_stack_load memory corruption
Type	cve
Published	2025-06-05T07:00:19.086Z
Last Seen

Product Information

Vendor	n/a
Product	Radare2
Version	5.9.9

CVSS Information

Base Score	2.0 (LOW)
Attack Vector	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description	A memory corruption vulnerability in Radare2’s cons_stack_load function could allow local attackers to cause undefined behavior, though exploitation is considered difficult. The issue is related to the experimental -T parameter, which is known to be unstable. A patch has been provided, but the vulnerability’s existence is still under review.
AI Severity	Low
Vendor	Radare2 Project
Product	Radare2
Affected Version	5.9.9

Additional Information

CVE List
CWE List	CWE-119
Bulletin Family
Source Data	n/a Radare2 5.9.9

Source Information

Source Data	n/a Radare2 5.9.9
Source Link

Description

A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.

CVSS Score Summary

Base Score: 2.0 (LOW)

View Full CVE Details