Haijun Wang

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.7.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted Mini Crash Dump file. This is related to the `r bin mdmp init directory entry` function in `mdmp.c`. **Recommendations** For radare2 version 2.7.0, consider avoiding the use of the `r bin mdmp init directory entry` function until a patch is available. As a temporary workaround, restrict the processing of crafted Mini Crash Dump files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.