Control: retitle -1 radare2: CVE-2025-5648 CVE-2025-5647 CVE-2025-5646 CVE-2025-5645 CVE-2025-5644 CVE-2025-5643 CVE-2025-5642 CVE-2025-5641
hi,

On Thu, Jun 05, 2025 at 05:16:07PM +0200, Moritz Mühlenhoff wrote:
> Source: radare2
> X-Debbugs-CC: t...@security.debian.org
> Severity: normal
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for radare2.
>
> CVE-2025-5646[0]:
> | A vulnerability has been found in Radare2 5.9.9 and classified as
> | problematic. This vulnerability affects the function
> | r_cons_rainbow_free in the library /libr/cons/pal.c of the component
> | radiff2. The manipulation of the argument -T leads to memory
> | corruption. It is possible to launch the attack on the local host.
> | The complexity of an attack is rather high. The exploitation appears
> | to be difficult. The exploit has been disclosed to the public and
> | may be used. The real existence of this vulnerability is still
> | doubted at the moment. The patch is identified as
> | 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
> | a patch to fix this issue. The documentation explains that the
> | parameter -T is experimental and "crashy". Further analysis has
> | shown "the race is not a real problem unless you use asan". A new
> | warning has been added.
>
> https://github.com/radareorg/radare2/issues/24235
> https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
>
>
> CVE-2025-5645[1]:
> | A vulnerability, which was classified as problematic, was found in
> | Radare2 5.9.9. This affects the function r_cons_pal_init in the
> | library /libr/cons/pal.c of the component radiff2. The manipulation
> | of the argument -T leads to memory corruption. Attacking locally is
> | a requirement. The complexity of an attack is rather high. The
> | exploitability is told to be difficult. The exploit has been
> | disclosed to the public and may be used. The real existence of this
> | vulnerability is still doubted at the moment. The identifier of the
> | patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended
> | to apply a patch to fix this issue. The documentation explains that
> | the parameter -T is experimental and "crashy". Further analysis has
> | shown "the race is not a real problem unless you use asan". A new
> | warning has been added.
>
> https://github.com/radareorg/radare2/issues/24234
> https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
>
>
> CVE-2025-5644[2]:
> | A vulnerability, which was classified as problematic, has been found
> | in Radare2 5.9.9. Affected by this issue is the function
> | r_cons_flush in the library /libr/cons/cons.c of the component
> | radiff2. The manipulation of the argument -T leads to use after
> | free. Local access is required to approach this attack. The
> | complexity of an attack is rather high. The exploitation is known to
> | be difficult. The exploit has been disclosed to the public and may
> | be used. The real existence of this vulnerability is still doubted
> | at the moment. The name of the patch is
> | 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
> | a patch to fix this issue. The documentation explains that the
> | parameter -T is experimental and "crashy". Further analysis has
> | shown "the race is not a real problem unless you use asan". A new
> | warning has been added.
>
> https://github.com/radareorg/radare2/issues/24233
> https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
>
>
> CVE-2025-5643[3]:
> | A vulnerability classified as problematic was found in Radare2
> | 5.9.9. Affected by this vulnerability is the function
> | cons_stack_load in the library /libr/cons/cons.c of the component
> | radiff2. The manipulation of the argument -T leads to memory
> | corruption. An attack has to be approached locally. The complexity
> | of an attack is rather high. The exploitation appears to be
> | difficult. The exploit has been disclosed to the public and may be
> | used. The real existence of this vulnerability is still doubted at
> | the moment. The patch is named
> | 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
> | a patch to fix this issue. The documentation explains that the
> | parameter -T is experimental and "crashy". Further analysis has
> | shown "the race is not a real problem unless you use asan". A new
> | warning has been added.
>
> https://github.com/radareorg/radare2/issues/24232
> https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
>
>
> CVE-2025-5642[4]:
> | A vulnerability classified as problematic has been found in Radare2
> | 5.9.9. Affected is the function r_cons_pal_init in the library
> | /libr/cons/pal.c of the component radiff2. The manipulation leads to
> | memory corruption. The attack needs to be approached locally. The
> | complexity of an attack is rather high. The exploitability is told
> | to be difficult. The exploit has been disclosed to the public and
> | may be used. The real existence of this vulnerability is still
> | doubted at the moment. The patch is identified as
> | 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
> | a patch to fix this issue. The documentation explains that the
> | parameter -T is experimental and "crashy". Further analysis has
> | shown "the race is not a real problem unless you use asan". A new
> | warning has been added.
>
> https://github.com/radareorg/radare2/issues/24231
> https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
>
>
> CVE-2025-5641[5]:
> | A vulnerability was found in Radare2 5.9.9. It has been rated as
> | problematic. This issue affects the function r_cons_is_breaked in
> | the library /libr/cons/cons.c of the component radiff2. The
> | manipulation of the argument -T leads to memory corruption. It is
> | possible to launch the attack on the local host. The complexity of
> | an attack is rather high. The exploitation is known to be difficult.
> | The exploit has been disclosed to the public and may be used. The
> | real existence of this vulnerability is still doubted at the moment.
> | The identifier of the patch is
> | 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply
> | a patch to fix this issue. The documentation explains that the
> | parameter -T is experimental and "crashy". Further analysis has
> | shown "the race is not a real problem unless you use asan". An
> | additional warning regarding threading support has been added.
>
> https://github.com/radareorg/radare2/issues/24230
> https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2025-5646
>     https://www.cve.org/CVERecord?id=CVE-2025-5646
> [1] https://security-tracker.debian.org/tracker/CVE-2025-5645
>     https://www.cve.org/CVERecord?id=CVE-2025-5645
> [2] https://security-tracker.debian.org/tracker/CVE-2025-5644
>     https://www.cve.org/CVERecord?id=CVE-2025-5644
> [3] https://security-tracker.debian.org/tracker/CVE-2025-5643
>     https://www.cve.org/CVERecord?id=CVE-2025-5643
> [4] https://security-tracker.debian.org/tracker/CVE-2025-5642
>     https://www.cve.org/CVERecord?id=CVE-2025-5642
> [5] https://security-tracker.debian.org/tracker/CVE-2025-5641
>     https://www.cve.org/CVERecord?id=CVE-2025-5641
>
> Please adjust the affected versions in the BTS as needed.

Two more issues refer to the same upstream change as well: CVE-2025-5647
and CVE-2025-5648. Covering them here as well.

Regards,
Salvatore