Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only attack requiring low-privilege execution of radare2; impact limited to process crash, no confidentiality or integrity loss confirmed.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.
AnalysisAI
Integer overflow in radare2's hexpairs parser crashes the process for local low-privilege users on versions up to 6.1.6. The flaw exists in the cmd_anal_opcode function within libr/core/cmd_anal.inc.c and produces only a low availability impact with no confidentiality or integrity consequences. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local account with at minimum low-privilege access on the host running radare2 - remote exploitation is not possible per the CVSS 4.0 AV:L vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 1.9 accurately reflects a very low-severity finding. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with low-privilege access invokes radare2 and supplies a specially crafted hexpairs string to the `cmd_anal_opcode` command interface, triggering an integer overflow in the parser. The overflow causes the radare2 process to crash, producing a denial-of-service condition. … |
| Remediation | Apply the upstream fix commit 84e773986e7e5bb30453a9384f498ec0ccc9d0a9 available at https://github.com/radareorg/radare2/commit/84e773986e7e5bb30453a9384f498ec0ccc9d0a9. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-d
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated critical severity (CVSS 9.8), th
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to exe
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Rated critical severity (CVSS 9.1), this vulne
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated cri
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated critic
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated high severity (CVSS 8.8), this v
Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process ma
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_ve
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo
Same weakness CWE-189 – Numeric Errors
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41768
GHSA-f973-xj97-7vpp