CVE-2025-5643
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-06-23
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radare | radare2 | 5.9.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5643 is a memory corruption vulnerability in Radare2 version 5.9.9, specifically in the function cons_stack_load of the radiff2 tool. Improper handling of the '-T' argument leads to a double-free, where the same memory region is freed twice by different threads, corrupting the heap. The issue arises in a multithreaded context from a race condition between threads; it is triggered locally and has a high attack complexity. The '-T' parameter is experimental and known to be unstable. The vulnerability is considered problematic, but whether it is real is disputed. A patch and warnings have been introduced to mitigate the issue. [2, 3, 4, 1]
How can this vulnerability impact me?
This vulnerability can cause memory corruption through a double-free, potentially leading to crashes or abnormal termination of the radiff2 tool. Because the resulting heap corruption affects availability, it may disrupt normal operation of Radare2 when the '-T' option is used. Exploitation requires local access and is difficult because of the high attack complexity. The vulnerability mainly threatens stability and availability rather than confidentiality or integrity. [2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running radiff2 with the command-line options that trigger the double-free, ideally on a build with AddressSanitizer enabled. The known command to reproduce the issue is: `radiff2 -a x86_64 -AA -b 1 -B 0x100 -C -D -g 10,20 -j -p -q -r -T POC1 POC2`. An AddressSanitizer double-free report or a memory-corruption crash during this run indicates that the build is affected. [2, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit 5705d99cc1f23f36f9a84aab26d1724010b97798, which adds a warning when the '-T' option is used and addresses the issue. In addition, avoid the experimental '-T' parameter, which is known to be unstable and prone to crashes. Relocation settings such as '-e bin.relocs.apply=true' or '-e bin.cache=true' may avoid the related warnings, but the actual fix requires updating the source code with the patch. [1, 4, 3]