Local Denial of Service in Radare2 by Radareorg
CVE-2024-26475
5.5 MEDIUM
Key Information:
Badges
👾 Exploit Exists 🟡 Public PoC
What is CVE-2024-26475?
A local denial of service vulnerability has been identified in Radare2 versions from v0.9.7 to v5.8.6. The flaw is in the grub_sfs_read_extent function and can be exploited by an attacker with local access to the target system. Successful exploitation lets the local attacker disrupt the availability of the affected software. Users of Radare2 are advised to upgrade to v5.8.8 or later to mitigate this issue.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.