CVE-2024-29646

CRITICAL EPSS 54.9%
Published Dec 17, 20241y ago ยท Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Dec 17, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
54.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-120

Affected Products 1

VendorProductVersionRange
radareradare25.8.8any

References 6

  • gist.github.com https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690
    Third Party Advisory
  • github.com https://github.com/radareorg/radare2/pull/22562
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22567
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22572
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22578
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22599
    Issue TrackingPatchVendor Advisory

Remediation

  • github.com https://github.com/radareorg/radare2/pull/22562
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22567
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22572
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22578
    Issue TrackingPatchVendor Advisory
  • github.com https://github.com/radareorg/radare2/pull/22599
    Issue TrackingPatchVendor Advisory