CVE-2021-32495 CRITICAL

CVE-2021-32495

Vendor Radare2
Product radare2
Weakness CWE-416
Published July 7, 2023
Last update November 12, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

Key dates

02Disclosure timeline

July 7, 2023 CVE published
November 12, 2024 Record updated