Skip to main content

radare2 EUVDEUVD-2026-30573

| CVE-2026-8695 HIGH
Use After Free (CWE-416)
2026-05-15 VulnCheck GHSA-jrmh-3vm7-w5m4
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
May 15, 2026 - 17:32 vuln.today
Analysis Generated
May 15, 2026 - 17:32 vuln.today
CVSS changed
May 15, 2026 - 17:22 NVD
7.5 (HIGH) 8.7 (HIGH)

DescriptionCVE.org

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.

AnalysisAI

Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.

Technical ContextAI

radare2 is a reverse engineering framework that includes support for the GDB Remote Serial Protocol (RSP) for debugging. The vulnerability resides in the gdbr_threads_list() function within the GDB client implementation (shlr/gdb/src/gdbclient/core.c). CWE-416 use-after-free occurs when the function improperly manages memory for thread list processing - specifically, the dpid pointer can be freed but still referenced if certain response sequences are received from a GDB server. The CPE identifier cpe:2.3:a:radare2:radare2:*:*:*:*:*:*:*:* indicates all versions prior to the fix are affected.

RemediationAI

Apply the vendor-released patch available in commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c at https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c. Users should update to a version of radare2 that includes this fix. As an immediate workaround, disable or restrict access to GDB remote debugging functionality if not required, though this will impact debugging capabilities. Network segmentation to limit access to debugging interfaces can reduce exposure while maintaining functionality for authorized users.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2026-30573 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy