CVE-2024-29646
Publication date 17 December 2024
Last updated 11 July 2025
Ubuntu priority
Description
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| radare2 | 25.10 questing |
Needs evaluation
|
| 25.04 plucky |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-29646
- https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690
- https://github.com/radareorg/radare2/pull/22562
- https://github.com/radareorg/radare2/pull/22567
- https://github.com/radareorg/radare2/pull/22572
- https://github.com/radareorg/radare2/pull/22578
- https://github.com/radareorg/radare2/pull/22599