Radare2 Memory Corruption Vulnerability in Radiff2 Component

Vulnerability

A memory corruption vulnerability has been reported in Radare2 version 5.9.9, in the radiff2 component. The defect is in the function cons_stack_load in the file libr/cons/cons.c of the Radare2 source tree: invoking radiff2 with the experimental '-T' argument, set to a value that triggers the bug, results in a double free. Exploitation requires local access, because the attacker must already be able to run radiff2 with an argument of their choosing, and the attack complexity is rated high. The existence of this vulnerability is currently disputed; nonetheless, a public proof-of-concept that triggers the crash is available.

Impact

Triggering the bug causes a double free: the same heap buffer is released twice, which corrupts allocator state and is therefore classified as memory corruption. In practice the observable result is a crash of the radiff2 process. The reproduction described below shows only the sanitizer-detected double free, not code execution; turning a double free in a local, unprivileged command-line tool into anything beyond a denial of service would require additional work that is not demonstrated here.

Reproduction

To reproduce, build Radare2 with AddressSanitizer enabled (for example by compiling with -fsanitize=address) and run radiff2 with the '-T' option set to the value that triggers the bug. AddressSanitizer then reports a double-free error in cons_stack_load, which confirms that the bug has been triggered. Without the sanitizer, the same input typically produces only an allocator abort or a crash, which is harder to attribute to this specific function.
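The following is an added example, not code from Radare2 or from the proof-of-concept, that models the bug class described in the Impact and Reproduction sections: a console state is pushed, restored by a stack-load routine, and torn down, and because the pushed copy shares its output buffer with the live state, the buffer is freed once on restore and again on teardown. All type and function names (Cons, ConsState, cons_stack_push_shallow, cons_stack_push_deep, cons_stack_load, run_scenario) and the sample buffer contents are hypothetical. A small free() tracker stands in for AddressSanitizer so the vulnerable path can be run without actually corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a console state stack. This is an illustration of
 * the double-free pattern, not radare2's libr/cons/cons.c. */

#define MAX_TRACKED 16

/* Tiny free() tracker standing in for AddressSanitizer: a pointer that has
 * already been released is counted as a double free instead of being passed
 * to free() a second time. Real ASan aborts with a report at that point. */
static void *freed_ptrs[MAX_TRACKED];
static int freed_count = 0;
static int double_free_count = 0;

static void tracker_reset(void) {
    freed_count = 0;
    double_free_count = 0;
}

static void tracked_free(void *p) {
    if (!p) return;
    for (int i = 0; i < freed_count; i++) {
        if (freed_ptrs[i] == p) {
            double_free_count++;   /* ASan: "attempting double-free" */
            return;
        }
    }
    if (freed_count < MAX_TRACKED) freed_ptrs[freed_count++] = p;
    free(p);
}

typedef struct {
    char *buf;   /* output buffer this state believes it owns */
    size_t len;
} ConsState;

typedef struct {
    ConsState *saved;    /* one pushed copy of the console state */
    ConsState *current;  /* the live console state */
} Cons;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    memcpy(d, s, n);
    return d;
}

static ConsState *state_new(const char *text) {
    ConsState *s = calloc(1, sizeof *s);
    s->buf = dup_str(text);
    s->len = strlen(text);
    return s;
}

/* Vulnerable push: the saved copy shares the buffer pointer with the live
 * state, so two owners now believe they may free it. */
static void cons_stack_push_shallow(Cons *c) {
    c->saved = calloc(1, sizeof *c->saved);
    c->saved->buf = c->current->buf;
    c->saved->len = c->current->len;
}

/* Fixed push: the saved copy gets its own buffer. */
static void cons_stack_push_deep(Cons *c) {
    c->saved = calloc(1, sizeof *c->saved);
    c->saved->buf = dup_str(c->current->buf);
    c->saved->len = c->current->len;
}

/* Restore the saved state into the live one and drop the saved frame.
 * Releasing current->buf here is correct only if current really owns it. */
static void cons_stack_load(Cons *c) {
    if (!c->saved) return;
    tracked_free(c->current->buf);     /* first release of the buffer */
    c->current->buf = c->saved->buf;   /* shallow case: now a dangling pointer */
    c->current->len = c->saved->len;
    tracked_free(c->saved);
    c->saved = NULL;
}

static void cons_free(Cons *c) {
    if (c->saved) { tracked_free(c->saved->buf); tracked_free(c->saved); }
    tracked_free(c->current->buf);     /* shallow case: second release */
    tracked_free(c->current);
}

/* Push, load, tear down; returns the number of double frees the tracker
 * caught: 1 for the shallow (vulnerable) variant, 0 for the deep-copy fix. */
int run_scenario(int deep_copy) {
    tracker_reset();
    Cons c = { .saved = NULL, .current = state_new("constructed sample output") };
    if (deep_copy) cons_stack_push_deep(&c); else cons_stack_push_shallow(&c);
    cons_stack_load(&c);
    cons_free(&c);
    return double_free_count;
}

int main(void) {
    printf("shallow copy on push: %d double free(s)\n", run_scenario(0));
    printf("deep copy on push:    %d double free(s)\n", run_scenario(1));
    return 0;
}
```

To see the sanitizer report that the reproduction above relies on, replace tracked_free with free, compile with `cc -g -fsanitize=address` and run the shallow scenario: AddressSanitizer stops at the second free with a double-free report naming the allocation and both free sites, which is the same kind of output the radiff2 proof-of-concept produces for cons_stack_load.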

Remediation

Users are advised to update to a Radare2 release that includes the fix. The patch is available in the official Radare2 repository on GitHub (radareorg/radare2). Because the bug is only reachable by running radiff2 with the experimental '-T' option, not using that option on affected builds avoids the issue until an update is applied.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 2.5
exploitability: 6.0
remediation: 7.9
relevance: 0.1
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.