CVE-2025-63745

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-63745

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-63745.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-63745

Downstream

UBUNTU-CVE-2025-63745

Published

2025-11-14T21:15:45.083Z

Modified

2025-11-21T08:53:01.099285Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.

References

Affected packages

Git / github.com/radareorg/radare2

Affected ranges

Type: GIT
Repo: https://github.com/radareorg/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c5df3f8570d4f0c360681c08241ad8af3b919fd

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.4-termux4

0.10.5

0.10.6

0.8.6

0.8.8

0.9

0.9.2

0.9.4

0.9.6

0.9.7

0.9.8

0.9.8-rc1

0.9.8-rc2

0.9.8-rc3

0.9.8-rc4

0.9.9

1.*

1.0

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.0-git

1.3.0

1.3.0-git

1.4.0

1.5.0

1.6.0

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.4.0

2.5.0

2.6.0

2.6.9

2.7.0

2.8.0

2.9.0

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.2.0

3.2.1

3.3.0

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.7.0

3.7.1

3.8.0

3.9.0

4.*

4.0.0

4.1.0

4.1.1

4.2.0

4.2.1

4.3.0

4.3.1

4.4.0

4.5.1

5.*

5.0.0

5.1.0

5.1.1

5.2.0

5.2.1

5.3.0

5.3.1

5.4.0

5.4.0-git

5.4.2

5.5.0

5.5.2

5.5.4

5.6.0

5.6.2

5.6.4

5.6.6

5.6.8

5.7.0

5.7.2

5.7.4

5.7.6

5.7.8

5.8.0

5.8.2

5.8.4

5.8.6

5.8.8

5.9.0

5.9.2

5.9.4

5.9.6

5.9.8

6.*

6.0.0

6.0.2

6.0.4

Other

Continuous-Windows

continuous

radare2-windows-nightly

termux

wip

release-5.*

release-5.0.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "info",
            "file": "libr/bin/p/bin_ne.c"
        },
        "id": "CVE-2025-63745-142822d0",
        "signature_version": "v1",
        "digest": {
            "function_hash": "84146432519326662430865519521765612802",
            "length": 320.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "file": "libr/bin/p/bin_ne.c"
        },
        "id": "CVE-2025-63745-19521af8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "225645340465502649403007884156092289299",
                "4255312194927405349494608333156212801",
                "221492251747955084037942442839376620031",
                "103094258928229211537405568275140328861",
                "83760469944535761774492245038122925436",
                "191853895264087811774622815729800926909",
                "312202530214876748638244845423168489181"
            ]
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "r_bin_ne_get_relocs",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-3e78a0c5",
        "signature_version": "v1",
        "digest": {
            "function_hash": "316935037769037347446857601865745434761",
            "length": 3359.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "r_bin_ne_get_imports",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-7e03226e",
        "signature_version": "v1",
        "digest": {
            "function_hash": "154503603118799082267592018775264885947",
            "length": 718.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "r_bin_ne_new_buf",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-8ba67da7",
        "signature_version": "v1",
        "digest": {
            "function_hash": "327963706153672025240578035634824030205",
            "length": 158.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "r_bin_ne_get_symbols",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-90732f81",
        "signature_version": "v1",
        "digest": {
            "function_hash": "106112272512346546172539501448725117117",
            "length": 1484.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-90d4aaf9",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "313238745765593098916398371711611719026",
                "294752229138683901280345080909175703068",
                "287234075078972060332705076000960752614",
                "61687125016204721711556633294709419230",
                "101683830962973421030327422698245415883",
                "324690717746851617852693403780049688727",
                "105725521615344357065672744328767393558",
                "20348808998800939027832124039156497412",
                "103932977767556783085866655802755369923",
                "185766139809623981907481017446196760390",
                "242757875722461813260580452274959845167",
                "183609496058471472087376317578066044812",
                "73016055845034544411042456248936860411",
                "77237793225504425653131744554744729571",
                "194536733704221344171287824016814877527",
                "67709743740579648977685067487009132914",
                "296597705641018818644775265758595290167",
                "250782832250914117964994115570498208215",
                "198181616098348474293048922435700938700",
                "95703940086544948520562337060076593148",
                "310966993569082911011148113652848476034",
                "157179690316466466463529410185139768317",
                "333963544480240934816765111991052663037",
                "324846141160135092639839517546804030699",
                "163056050106799001027687671299049256650",
                "120004223918794892759312146021397652472",
                "210179649740552819592557501328770961163",
                "26745738271488028184227008616724153387",
                "147231730837729489074141156835783693829",
                "299922718602882311868712267424888419354",
                "223223715559888981290723075634535525460",
                "88888210275562397908409414026535506647",
                "40619013878554923376372695977059232965",
                "302319969718740244346448406839420222525",
                "195339780723047122621027496336571289604",
                "100773668494960943283012556228712781332",
                "36611135045926497895111631975642740113",
                "172257755568199023532836346844485230179",
                "239251081859677703346475027249651195491",
                "214074381375023074878840775140979352449",
                "182863579517589287631377850725300908036",
                "283640864699898381263655973841467348630",
                "152527434330706178348542513598339955706",
                "239747875909445878386960023926298532821",
                "220173227346407627996624325320460411564",
                "207946668031197252113135756830201597907",
                "338947544075308010936011219466223709398",
                "16769727617485124330738899851313356341",
                "157652202564519084984989693962773804665",
                "174615053272657349546493130311976732635",
                "86378841372027892579675697054324285844"
            ]
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "__ne_get_resources",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-a9d21032",
        "signature_version": "v1",
        "digest": {
            "function_hash": "40753176155915494471092337591911098596",
            "length": 1323.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "r_bin_ne_get_entrypoints",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-ad7f692a",
        "signature_version": "v1",
        "digest": {
            "function_hash": "289865205616505545813263707385777284189",
            "length": 2001.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "r_bin_ne_get_segments",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-bf4db74c",
        "signature_version": "v1",
        "digest": {
            "function_hash": "210841537725366807856477297836916704170",
            "length": 801.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "__init",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-cb9f975d",
        "signature_version": "v1",
        "digest": {
            "function_hash": "251142977442218578945101283452518184963",
            "length": 1956.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd",
        "target": {
            "function": "__get_target_os",
            "file": "libr/bin/format/ne/ne.c"
        },
        "id": "CVE-2025-63745-e8f08444",
        "signature_version": "v1",
        "digest": {
            "function_hash": "188912887634688540447694381659026342925",
            "length": 304.0
        },
        "signature_type": "Function",
        "deprecated": false
    }
]