CVE-2025-5647
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-06-23
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radare | radare2 | 5.9.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5647 is a double-free memory corruption vulnerability in the radiff2 tool of Radare2 version 5.9.9. It occurs in the function r_cons_context_break_pop in the source file libr/cons/cons.c, which attempts to free memory that has already been freed, producing a double-free error. The condition is reached during console context break operations triggered by the experimental and unstable -T argument. The flaw is concurrency-related: the double free occurs across different threads, so the unsafe memory operations can lead to program crashes or undefined behavior. The vulnerability requires local access and is considered difficult to exploit. A patch has been released to fix this issue. [1, 3, 2]
How can this vulnerability impact me?
This vulnerability can impact you by causing memory corruption in the radiff2 tool, potentially leading to program crashes or denial of service. Because it is a double-free error, the application may abort unexpectedly or behave unpredictably. The vulnerability affects the availability of the software but does not compromise confidentiality or integrity. Exploitation requires local access and is considered difficult, but a proof-of-concept exploit is publicly available. Applying the provided patch is recommended to prevent these impacts. [2, 1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running radiff2 with AddressSanitizer enabled, which catches double-free memory corruption at runtime. Specifically, compiling radare2 with the '-fsanitize=address' flag and running radiff2 with command-line options that include the '-T' parameter (which is experimental and crashy) can trigger the issue. Example commands include running radiff2 with flags such as '-AA -B 0x8048000 -d -g 0x1000,0x2000 -m i -n -q -T' on crafted proof-of-concept files. AddressSanitizer will report a double-free error during these operations, indicating the presence of the vulnerability. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit '5705d99cc1f23f36f9a84aab26d1724010b97798', which fixes the double-free issue in the 'r_cons_context_break_pop' function. Until the patch is applied, avoid using the experimental and unstable '-T' parameter in radiff2. Updating radare2 to a release that includes this commit is recommended to prevent potential exploitation. [1, 2]