CVE-2025-5642

Publication date: 2025-06-05

Last updated on: 2025-06-23

Assigner: VulDB

Description
A vulnerability classified as problematic has been found in Radare2 5.9.9. It affects the function r_cons_pal_init in /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack requires local access, its complexity is rather high, and exploitation is said to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798, and applying it is recommended. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Meta Information
Published: 2025-06-05
Last Modified: 2025-06-23
Generated: 2026-05-07
AI Q&A: 2025-06-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| radare | radare2 | 5.9.9 |
| CWE ID | Description |
|--------|-------------|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-5642 is a double-free memory corruption vulnerability in the radiff2 tool of Radare2 version 5.9.9. It occurs in the function r_cons_pal_init in the file libr/cons/pal.c, where a 64-byte memory region allocated by r_cons_rgb_str_mode is freed twice across different threads, causing unsafe memory deallocation. This concurrency-related bug can lead to program crashes or memory corruption. The vulnerability requires local access and is difficult to exploit. It was detected using AddressSanitizer during multi-threaded execution and has a proof-of-concept exploit publicly available. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can cause memory corruption and program crashes in radiff2 when exploited. Since it involves a double-free error in a multi-threaded environment, it may lead to unstable behavior or denial of service of the affected software. However, exploitation is difficult and requires local access. The impact is primarily on system availability, with no indication of data confidentiality or integrity compromise. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running radiff2 with AddressSanitizer enabled, which detects the double-free memory corruption during execution. Specifically, running radiff2 with the following command-line options on proof-of-concept files can trigger the issue and reveal the vulnerability: `radiff2 -AA -b 16 -c px -d -D -g 10,20 -j -m d -p -r -T -u <file>`. AddressSanitizer will report the double-free error during this execution. [1, 2]
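
The triage step described above, as an added example (not code from radare2 or from this page's sources): a Python parser that reads an AddressSanitizer double-free report and checks whether both frees pass through `r_cons_pal_init` on different threads. The sample report is constructed; its PID, addresses, thread ids, module names and line numbers are assumptions.

```python
import re

# Constructed ASan report: PID, addresses, thread ids, module names and line
# numbers are made up; only the function names and pal.c path come from the page.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: attempting double-free on 0x606000000140 in thread T2:
    #0 0x7f0000001000 in free (libasan.so+0x1000)
    #1 0x7f0000002000 in r_cons_pal_init libr/cons/pal.c:10
0x606000000140 is located 0 bytes inside of 64-byte region [0x606000000140,0x606000000180)
freed by thread T1 here:
    #0 0x7f0000001000 in free (libasan.so+0x1000)
    #1 0x7f0000002000 in r_cons_pal_init libr/cons/pal.c:10
previously allocated by thread T0 here:
    #0 0x7f0000003000 in malloc (libasan.so+0x3000)
    #1 0x7f0000004000 in r_cons_rgb_str_mode (placeholder.so+0x4000)
"""

HEADER = re.compile(r"AddressSanitizer: attempting double-free on (0x[0-9a-f]+) in thread (T\d+)")
SECTION = re.compile(r"^(freed|previously allocated) by thread (T\d+) here:")
REGION = re.compile(r"inside of (\d+)-byte region")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)")
KEYS = {"freed": "first_free", "previously allocated": "alloc"}

def parse_double_free(report):
    """Parse an ASan double-free report (the last one if several); None if absent."""
    info, key = None, None
    for line in report.splitlines():
        if (m := HEADER.search(line)):
            key = "second_free"  # the header's stack is the free that tripped ASan
            info = {"size": None, "threads": {key: m.group(2)},
                    "frames": {"second_free": [], "first_free": [], "alloc": []}}
        elif info is None:
            continue  # ignore everything before the error header
        elif (m := SECTION.match(line)):
            key = KEYS[m.group(1)]
            info["threads"][key] = m.group(2)
        elif (m := REGION.search(line)):
            info["size"] = int(m.group(1))
        elif (m := FRAME.match(line)):
            info["frames"][key].append(m.group(1))
    return info

def matches_cve_2025_5642(report):
    """True when both frees pass through r_cons_pal_init on different threads."""
    d = parse_double_free(report)
    if d is None or "first_free" not in d["threads"]:
        return False
    t, f = d["threads"], d["frames"]
    return (t["first_free"] != t["second_free"] and
            all("r_cons_pal_init" in f[k] for k in ("first_free", "second_free")))
```

Feed it the stderr captured from an ASan build of radiff2; the parsed `size` and `frames["alloc"]` fields can be compared against the 64-byte `r_cons_rgb_str_mode` allocation named in the answer above.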


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the patch identified by commit `5705d99cc1f23f36f9a84aab26d1724010b97798`, which fixes the double-free vulnerability in radiff2. Additionally, avoid using the experimental and "crashy" `-T` parameter until the patch is applied. Running radare2 without AddressSanitizer or disabling multi-threaded operations that trigger the race condition can also reduce the risk until patched. [3]

