PT-2025-23901 · Radare2 · Radare2
Rootsec
·
Published
2025-06-05
·
Updated
2025-06-05
·
CVE-2025-5643
CVSS v4.0
2.0
Low
| Vector | AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Radare2 version 5.9.9
Description
A problematic vulnerability was found in the function
cons stack load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack must be approached locally and has a rather high complexity, making exploitation difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted. The parameter -T is experimental and "crashy". Further analysis has shown that "the race is not a real problem unless you use asan". A new warning has been added.Recommendations
To fix this issue, it is recommended to apply the patch named
5705d99cc1f23f36f9a84aab26d1724010b97798. As a temporary workaround, consider avoiding the use of the experimental parameter -T until the issue is resolved. Additionally, restrict access to the vulnerable function cons stack load to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Radare2