CVE-2025-1378

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-1378
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1378.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-1378
Downstream
Related
Published
2025-02-17T06:15:13.277Z
Modified
2025-12-15T09:49:05.143233Z
Severity
  • 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c6c772d2eab692ce7ada5a4227afd50c355ad545

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0

4.*

4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1

5.*

5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0
5.6.2
5.6.4
5.6.6
5.6.8
5.7.0
5.7.2
5.7.4
5.7.6
5.7.8
5.8.0
5.8.2
5.8.4
5.8.6
5.8.8
5.9.0
5.9.2
5.9.4
5.9.6
5.9.8

Other

Continuous-Windows
continuous
radare2-windows-nightly
termux
wip

release-5.*

release-5.0.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "68393399659418153477310161923419917998",
            "length": 3064.0
        },
        "target": {
            "file": "libr/main/rasm2.c",
            "function": "rasm_disasm"
        },
        "id": "CVE-2025-1378-06ed4be3",
        "source": "https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "317054673783703950481349978195450451046",
            "length": 7801.0
        },
        "target": {
            "file": "libr/main/rasm2.c",
            "function": "r_main_rasm2"
        },
        "id": "CVE-2025-1378-39f75829",
        "source": "https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "222949677318091204066143262985143295450",
                "74328730276520850207452952858647178031",
                "326888012091690487103459978797697060573",
                "306458151675589791350190592952599654861",
                "322199448557769857167101261228002366640",
                "23487644920975918614152583795768332577",
                "271737051872324508922338135673357843306",
                "60072681727967949186974701994450856658",
                "236555898512609377693208818896206765098",
                "96757791063340871230686613426690298471",
                "133082263458739439500115666838567660763",
                "183719942462880541005909484938678756631",
                "308096401840124328160609099488897575147",
                "221104819207198787764474740501058447924",
                "142298635525443811625240519583487264988",
                "124729191669879014899285559427101734635",
                "124633416668636505858232284893828815832",
                "31551616012019347096350443572937451734",
                "62190628944214391155368689533329239317",
                "296254517753456895331696721480755859360",
                "21746697840593390723677730980052896515",
                "158505307273218111123578782343442746739",
                "312203509168438381794552909972267861072",
                "160504993897430882647021739115794635520",
                "122543436190225729931048673425217946468",
                "252141886058588426382797012169921528649"
            ]
        },
        "target": {
            "file": "libr/main/rasm2.c"
        },
        "id": "CVE-2025-1378-63ec29e2",
        "source": "https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "227736582930381636692167237237981692138",
            "length": 1199.0
        },
        "target": {
            "file": "libr/main/rasm2.c",
            "function": "rasm_asm"
        },
        "id": "CVE-2025-1378-e91f9878",
        "source": "https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545"
    }
]