Stack-based Buffer Overflow in radareorg radare2 Affected by Memory64ListStream Parser
CVE-2026-14789
Key Information:
Badges
What is CVE-2026-14789?
A stack-based buffer overflow vulnerability has been identified in the radareorg radare2 tool, specifically within the Memory64ListStream Parser of the libr/bin/format/mdmp/mdmp.c component. This vulnerability arises from improper handling of inputs, allowing an attacker with local access to manipulate memory operations and potentially execute arbitrary code. As of now, the exploit is publicly available, emphasizing the urgent need for users to apply the provided patch (commit 175d4addb68981331c85b10681c2161c38fb5762) to mitigate the risk.
Affected Version(s)
radare2 6.1.0
radare2 6.1.1
radare2 6.1.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
