Double Free Vulnerability in Radare2 by Radare Org
CVE-2020-27794

9.1 CRITICAL

Key Information:

Vendor

Radare

Status
Vendor
CVE Published:
19 August 2022

What is CVE-2020-27794?

A double free vulnerability was identified in Radare2, in the cmd_info() function of cmd_info.c. If exploited, this flaw could allow attackers to modify unintended memory locations, possibly leading to program crashes or other unpredictable behavior. It poses risks to the stability and integrity of applications using Radare2.

Affected Version(s)

radare2: fixed in v4.4.0.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved