Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for radare2.

CVE-2025-5646[0]:
| A vulnerability has been found in Radare2 5.9.9 and classified as
| problematic. This vulnerability affects the function
| r_cons_rainbow_free in the library /libr/cons/pal.c of the component
| radiff2. The manipulation of the argument -T leads to memory
| corruption. It is possible to launch the attack on the local host.
| The complexity of an attack is rather high. The exploitation appears
| to be difficult. The exploit has been disclosed to the public and
| may be used. The real existence of this vulnerability is still
| doubted at the moment. The patch is identified as
| 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
| a patch to fix this issue. The documentation explains that the
| parameter -T is experimental and "crashy". Further analysis has
| shown "the race is not a real problem unless you use asan". A new
| warning has been added.

https://github.com/radareorg/radare2/issues/24235
https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

CVE-2025-5645[1]:
| A vulnerability, which was classified as problematic, was found in
| Radare2 5.9.9. This affects the function r_cons_pal_init in the
| library /libr/cons/pal.c of the component radiff2. The manipulation
| of the argument -T leads to memory corruption. Attacking locally is
| a requirement. The complexity of an attack is rather high. The
| exploitability is told to be difficult. The exploit has been
| disclosed to the public and may be used. The real existence of this
| vulnerability is still doubted at the moment. The identifier of the
| patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended
| to apply a patch to fix this issue. The documentation explains that
| the parameter -T is experimental and "crashy". Further analysis has
| shown "the race is not a real problem unless you use asan". A new
| warning has been added.

https://github.com/radareorg/radare2/issues/24234
https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

CVE-2025-5644[2]:
| A vulnerability, which was classified as problematic, has been found
| in Radare2 5.9.9. Affected by this issue is the function
| r_cons_flush in the library /libr/cons/cons.c of the component
| radiff2. The manipulation of the argument -T leads to use after
| free. Local access is required to approach this attack. The
| complexity of an attack is rather high. The exploitation is known to
| be difficult. The exploit has been disclosed to the public and may
| be used. The real existence of this vulnerability is still doubted
| at the moment. The name of the patch is
| 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
| a patch to fix this issue. The documentation explains that the
| parameter -T is experimental and "crashy". Further analysis has
| shown "the race is not a real problem unless you use asan". A new
| warning has been added.

https://github.com/radareorg/radare2/issues/24233
https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

CVE-2025-5643[3]:
| A vulnerability classified as problematic was found in Radare2
| 5.9.9. Affected by this vulnerability is the function
| cons_stack_load in the library /libr/cons/cons.c of the component
| radiff2. The manipulation of the argument -T leads to memory
| corruption. An attack has to be approached locally. The complexity
| of an attack is rather high. The exploitation appears to be
| difficult. The exploit has been disclosed to the public and may be
| used. The real existence of this vulnerability is still doubted at
| the moment. The patch is named
| 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
| a patch to fix this issue. The documentation explains that the
| parameter -T is experimental and "crashy". Further analysis has
| shown "the race is not a real problem unless you use asan". A new
| warning has been added.

https://github.com/radareorg/radare2/issues/24232
https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

CVE-2025-5642[4]:
| A vulnerability classified as problematic has been found in Radare2
| 5.9.9. Affected is the function r_cons_pal_init in the library
| /libr/cons/pal.c of the component radiff2. The manipulation leads to
| memory corruption. The attack needs to be approached locally. The
| complexity of an attack is rather high. The exploitability is told
| to be difficult. The exploit has been disclosed to the public and
| may be used. The real existence of this vulnerability is still
| doubted at the moment. The patch is identified as
| 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
| a patch to fix this issue. The documentation explains that the
| parameter -T is experimental and "crashy". Further analysis has
| shown "the race is not a real problem unless you use asan". A new
| warning has been added.

https://github.com/radareorg/radare2/issues/24231
https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

CVE-2025-5641[5]:
| A vulnerability was found in Radare2 5.9.9. It has been rated as
| problematic. This issue affects the function r_cons_is_breaked in
| the library /libr/cons/cons.c of the component radiff2. The
| manipulation of the argument -T leads to memory corruption. It is
| possible to launch the attack on the local host. The complexity of
| an attack is rather high. The exploitation is known to be difficult.
| The exploit has been disclosed to the public and may be used. The
| real existence of this vulnerability is still doubted at the moment.
| The identifier of the patch is
| 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
| a patch to fix this issue. The documentation explains that the
| parameter -T is experimental and "crashy". Further analysis has
| shown "the race is not a real problem unless you use asan". An
| additional warning regarding threading support has been added.

https://github.com/radareorg/radare2/issues/24230
https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5646
    https://www.cve.org/CVERecord?id=CVE-2025-5646
[1] https://security-tracker.debian.org/tracker/CVE-2025-5645
    https://www.cve.org/CVERecord?id=CVE-2025-5645
[2] https://security-tracker.debian.org/tracker/CVE-2025-5644
    https://www.cve.org/CVERecord?id=CVE-2025-5644
[3] https://security-tracker.debian.org/tracker/CVE-2025-5643
    https://www.cve.org/CVERecord?id=CVE-2025-5643
[4] https://security-tracker.debian.org/tracker/CVE-2025-5642
    https://www.cve.org/CVERecord?id=CVE-2025-5642
[5] https://security-tracker.debian.org/tracker/CVE-2025-5641
    https://www.cve.org/CVERecord?id=CVE-2025-5641

Please adjust the affected versions in the BTS as needed.