CVE-2025-60359
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-23
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radare | radare2 | up to and including 5.9.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-60359 is a memory leak (CWE-401) in radare2 versions up to and including v5.9.8. Memory allocated in the function r_bin_object_new is not released after use, so each affected operation consumes heap memory that is never returned to the allocator. Repeated triggering can exhaust available memory. [1]
How can this vulnerability impact me?
The practical impact is Denial of Service (DoS): a process that keeps leaking memory eventually exhausts system memory, and the affected radare2 instance (or the host) can crash or become unresponsive. The page does not describe any impact beyond resource exhaustion. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a memory leak in the function r_bin_object_new in radare2 versions up to and including v5.9.8, so detection is indirect: first confirm whether the installed radare2 is in the affected range (for example by checking the version string reported by 'r2 -v'), then watch the radare2 process for resident memory that grows and never shrinks while it is working. No command detects this CVE specifically. General memory-monitoring commands on Linux include 'top', 'htop', and 'ps aux --sort=-rss'. Running radare2 under a leak-detection or profiling tool (for example valgrind with --leak-check=full, or a build with LeakSanitizer) and observing the allocation report is the most direct way to confirm the leak. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade radare2 to a version that includes the fix from pull request #24215, which addresses the memory leak in r_bin_object_new. If upgrading is not immediately possible, limit the use of vulnerable radare2 versions (in particular, avoid analysing untrusted binaries with them in long-running or automated pipelines) and monitor system memory usage so that a leaking process can be restarted before it causes a Denial of Service. [1]
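The two checks above (is the installed radare2 inside the affected range, and is a running process leaking) can be scripted. The script below is an added example for this page, not code from the advisory or from the radare2 project. It assumes 'r2 -v' prints a line starting with "radare2 X.Y.Z" (the version-check helper also accepts a bare version string), and it treats 5.9.8 as the last affected version per the table above. The RSS sampler reads /proc/PID/status, so it is Linux-specific.

```shell
#!/bin/sh
# Added example, not part of the CVE page or of radare2 itself.
# 1) r2_version_affected: is a radare2 version string within "up to and including 5.9.8"?
# 2) rss_growth_kb: sample a process's resident set size and report growth in kB.

LAST_AFFECTED="5.9.8"   # from the advisory's affected-range table

# Compare two dotted version strings numerically; prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = A[i] + 0; y = B[i] + 0;   # missing components count as 0
            if (x < y) { print -1; exit }
            if (x > y) { print 1; exit }
        }
        print 0
    }'
}

# Accepts either the first line of `r2 -v` (assumed format "radare2 X.Y.Z ...")
# or a bare "X.Y.Z". Exit status 0 means the version is in the affected range.
r2_version_affected() {
    v=$(printf '%s' "$1" | sed -n 's/^radare2 \([0-9][0-9.]*\).*/\1/p')
    [ -z "$v" ] && v="$1"
    [ "$(vercmp "$v" "$LAST_AFFECTED")" -le 0 ]
}

# VmRSS of a PID in kB (Linux /proc); fails if the process does not exist.
rss_kb() {
    awk '/^VmRSS:/ { print $2 }' "/proc/$1/status" 2>/dev/null
}

# Sample VmRSS COUNT times, INTERVAL seconds apart, and print last-minus-first in kB.
# A value that keeps climbing across runs while the process does repetitive work
# is the growth pattern a leak such as this one would produce.
rss_growth_kb() {
    pid=$1; count=${2:-5}; interval=${3:-1}
    first=$(rss_kb "$pid") || return 1
    [ -z "$first" ] && return 1
    last=$first; i=1
    while [ "$i" -lt "$count" ]; do
        sleep "$interval"
        last=$(rss_kb "$pid") || break
        i=$((i + 1))
    done
    echo "$((last - first))"
}

# Usage: check the locally installed radare2, if any.
if command -v r2 >/dev/null 2>&1; then
    if r2_version_affected "$(r2 -v 2>/dev/null | head -n 1)"; then
        echo "installed radare2 is within the affected range (<= $LAST_AFFECTED)"
    else
        echo "installed radare2 is outside the affected range"
    fi
fi
```

To watch a specific analysis session, start it and run `rss_growth_kb <pid> 10 5` for a 50-second window; repeat the same workload and compare the reported growth. The page does not say which inputs reach the leaking path, so a positive confirmation is best obtained by loading the suspect file under `valgrind --leak-check=full r2 -qc q FILE` (the `-q` and `-c` flags quit after running the given command) and looking for definitely-lost blocks attributed to r_bin_object_new.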