Volerion logoVolerion
Volerion logoVolerion

radareorg radare2 Out-of-Bounds Write Vulnerability Allowing Heap-Based Buffer Over-Read or Overflow

Vulnerability

A heap-based buffer over-read or overflow vulnerability has been identified in radareorg radare2, affecting versions prior to 5.9.9. This out-of-bounds write vulnerability arises in the 'inflate' function, which was derived from the zlib library. The issue stems from the absence of a crucial security patch that zlib received, leading to potential memory corruption.

Impact

Exploitation of this vulnerability can result in a heap-based buffer overflow, allowing for memory corruption that could be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using a version of radare2 prior to 5.9.9 and invoking the 'inflate' function in a manner that exceeds the buffer limits, similar to the conditions described in the original zlib vulnerability CVE-2022-37434.

Remediation

Users can upgrade to radare2 version 5.9.9 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
4.2
impact
3.1
exploitability
5.0
remediation
0.0
relevance
0.0
threat
1.6
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.