CVE-2026-4174
Awaiting Analysis - Queue
Resource Consumption in Radare2 Mach-O Parser (walk_exports_trie)

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Radare2 5.9.9. It affects the function walk_exports_trie in the file libr/bin/format/mach0/mach0.c of the Mach-O File Parser component. Manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. Upgrading to version 6.1.2 addresses this issue; the patch is named 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the affected component. The code maintainer states that "[he] won't consider this bug a DoS".
Meta Information
Published: 2026-03-16
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs

Vendor | Product | Version / Range
radare2 | radare2 | 5.9.9
radare2 | radare2 | From 6.1.2 (inc)
radare2 | radare2 | 6.1.2
CWE ID | Description
CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-400 | The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Radare2 version 5.9.9, specifically in the function walk_exports_trie within the Mach-O File Parser component. It leads to resource consumption when exploited.

The attack can only be performed locally, and although the exploit has been publicly disclosed, the existence of the vulnerability is still disputed by the code maintainer, who does not consider it a denial-of-service (DoS) issue.

Upgrading Radare2 to version 6.1.2 addresses this issue.


How can this vulnerability impact me?

The vulnerability can lead to resource consumption on the affected system when exploited locally.

Given the low CVSS scores (v2.0 BaseScore 1.7, v3.1 BaseScore 3.3), the impact is limited and does not affect confidentiality or integrity, only availability to a minor extent.

Since the attack requires local access, remote exploitation is not possible.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade Radare2 to version 6.1.2, which addresses the issue.

