Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
AnalysisAI
Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.
Technical ContextAI
radare2 is a reverse engineering framework that includes support for the GDB Remote Serial Protocol (RSP) for debugging. The vulnerability resides in the gdbr_threads_list() function within the GDB client implementation (shlr/gdb/src/gdbclient/core.c). CWE-416 use-after-free occurs when the function improperly manages memory for thread list processing - specifically, the dpid pointer can be freed but still referenced if certain response sequences are received from a GDB server. The CPE identifier cpe:2.3:a:radare2:radare2:*:*:*:*:*:*:*:* indicates all versions prior to the fix are affected.
RemediationAI
Apply the vendor-released patch available in commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c at https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c. Users should update to a version of radare2 that includes this fix. As an immediate workaround, disable or restrict access to GDB remote debugging functionality if not required, though this will impact debugging capabilities. Network segmentation to limit access to debugging interfaces can reduce exposure while maintaining functionality for authorized users.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30573
GHSA-jrmh-3vm7-w5m4