CVE-2025-5648
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-06-17
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radare | radare2 | 5.9.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| NVD-CWE-noinfo | Insufficient information: NVD has not assigned a specific CWE. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5648 is a double-free memory corruption vulnerability in Radare2 version 5.9.9, specifically in the function r_cons_pal_init within the radiff2 component. It occurs during palette initialization when the program improperly frees the same memory region twice, especially in a multi-threaded context. This leads to memory corruption and potential program crashes. The vulnerability is triggered by manipulating the experimental -T argument, which is known to be unstable. Exploiting this vulnerability requires local access and is considered difficult. A patch has been released to fix this issue. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause program crashes or instability in Radare2's radiff2 tool due to memory corruption from double-free errors. While the impact is primarily on availability, it could potentially be exploited to cause denial of service or other unintended behavior. However, exploitation is difficult and requires local access. The vulnerability affects the reliability of the software and may disrupt normal operations when triggered. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running radiff2 with the command-line options that exercise the affected palette initialization, in particular the experimental -T argument. The proof-of-concept command reported for triggering the double-free and observing it with AddressSanitizer is:

```
radiff2 -AA -B 0x8048000 -d -g 0x1000,0x2000 -m i -n -q -T POC1 POC2
```

Running a radiff2 build compiled with AddressSanitizer (-fsanitize=address) makes the double-free visible: ASan reports the memory corruption and aborts the program. Crashes or AddressSanitizer reports while executing with these flags indicate that the installed build is affected. [2, 3]
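To make the failure mode concrete, the following is an added illustration written for this page; it is not radare2's code and does not reproduce r_cons_pal_init. It models a palette-like string table with an init/fini pair: pal_fini_unsafe() keeps stale pointers after free, so a second call (or a concurrent one) frees the same block twice, which is exactly the class of bug AddressSanitizer reports; pal_init_safe() and pal_fini_safe() show the idempotent form that a patch for this class of bug typically adopts. All names, the PAL_ENTRIES size and the "colorN" strings are constructed for the demo.

```c
// Added illustration, not radare2's code: a palette-like string table whose
// teardown can be reached twice. Build with ASan to see the report from the
// unsafe path:   cc -g -fsanitize=address pal_demo.c -o pal_demo
// Run:           ./pal_demo            (safe path, frees exactly once)
//                ./pal_demo --unsafe   (ASan aborts with a double-free report)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAL_ENTRIES 8   /* constructed size for the demo */

typedef struct {
    char *names[PAL_ENTRIES];  /* heap-allocated colour names */
    int initialized;           /* guard so a repeated init is a no-op */
} Palette;

/* Allocate one entry; hypothetical "colorN" names, constructed for the demo. */
static char *pal_alloc_name(int i) {
    char *s = malloc(16);
    if (s) snprintf(s, 16, "color%d", i);
    return s;
}

/* Vulnerable pattern: releases every entry but leaves the stale pointers in
 * place. Calling it twice, or once from each of two threads, frees the same
 * block twice; ASan reports this as "attempting double-free". Not used by
 * the tests; only reached via the --unsafe flag in main(). */
void pal_fini_unsafe(Palette *p) {
    for (int i = 0; i < PAL_ENTRIES; i++)
        free(p->names[i]);          /* pointer is still stored after free */
}

/* Hardened init: returns 1 on first initialisation, 0 if already initialised,
 * -1 (after cleaning up partial work) on allocation failure. The flag makes a
 * repeated call harmless; concurrent callers additionally need a mutex or
 * pthread_once around it, because a plain int is not a thread guard. */
int pal_init_safe(Palette *p) {
    if (p->initialized) return 0;
    for (int i = 0; i < PAL_ENTRIES; i++) {
        p->names[i] = pal_alloc_name(i);
        if (!p->names[i]) {
            for (int j = 0; j < i; j++) { free(p->names[j]); p->names[j] = NULL; }
            return -1;
        }
    }
    p->initialized = 1;
    return 1;
}

/* Hardened fini: frees each entry exactly once and nulls the slot, so a repeat
 * call releases nothing. Returns the number of entries actually freed. */
int pal_fini_safe(Palette *p) {
    int freed = 0;
    for (int i = 0; i < PAL_ENTRIES; i++) {
        if (p->names[i]) {
            free(p->names[i]);
            p->names[i] = NULL;
            freed++;
        }
    }
    p->initialized = 0;
    return freed;
}

int main(int argc, char **argv) {
    Palette p;
    memset(&p, 0, sizeof p);
    if (pal_init_safe(&p) != 1) return 1;
    if (argc > 1 && strcmp(argv[1], "--unsafe") == 0) {
        pal_fini_unsafe(&p);
        pal_fini_unsafe(&p);   /* second call: ASan aborts here */
        return 0;
    }
    int first = pal_fini_safe(&p);
    int second = pal_fini_safe(&p);
    printf("first fini freed %d entries, second fini freed %d\n", first, second);
    return 0;
}
```

The two fini variants differ by a single line per entry (nulling the slot after free), which is why double-frees in teardown paths are easy to introduce and why an ASan build is the quickest way to confirm whether a given binary is affected.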
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit 5705d99cc1f23f36f9a84aab26d1724010b97798, which fixes the double-free memory corruption issue in the r_cons_pal_init function. Additionally, avoid using the experimental -T parameter in radiff2 until the patch is applied, as it is known to be "crashy" and triggers the vulnerability. Monitoring updates from the radare2 project and upgrading to a fixed version as soon as it is available is recommended. [1]