CVE-2026-14757
Received Received - Intake

Integer Overflow in radare2 Due to core_anal_bytes

Vulnerability report for CVE-2026-14757, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-05

Last updated on: 2026-07-05

Assigner: VulDB

Description

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-05
Last Modified
2026-07-05
Generated
2026-07-05
AI Q&A
2026-07-05
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
radareorg radare2 to 6.1.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a signed integer overflow in the radare2 tool, specifically in the function core_anal_bytes within the file libr/core/cmd_anal.inc.c. It occurs when the aos command processes a large input value (268435456), which is multiplied by 8 without validating the input length. This multiplication causes the value to exceed the maximum limit for a signed integer, resulting in an overflow. The issue arises because the code does not check if the input is within safe bounds before performing arithmetic operations.

The overflow is detected by UndefinedBehaviorSanitizer (UBSan) and can be triggered locally by an attacker. A proof-of-concept script and test binary exist to reproduce the issue. The vulnerability originates in the cmd_anal_opcode function and propagates through the radare2 command execution system.

Impact Analysis

This vulnerability can lead to unexpected behavior or crashes in the radare2 tool when processing specially crafted inputs locally. Because it is an integer overflow, it may allow an attacker with local access to manipulate the program's execution flow or cause denial of service by crashing the application.

The exploit has been publicly disclosed, so attackers may use it to compromise systems where radare2 is installed and used without the patch.

Detection Guidance

This vulnerability can be detected by reproducing the integer overflow condition in the radare2 tool using the provided proof-of-concept script and test binary.

Specifically, running the `aos` command in radare2 with a large input value (268435456) triggers the overflow in the `core_anal_bytes` function.

You can use the provided `run-overflow.sh` script along with the `onebyte.bin` test binary to reproduce and detect the overflow condition.

Additionally, using UndefinedBehaviorSanitizer (UBSan) during radare2 execution can help detect the signed integer overflow at runtime.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to install the patch provided by the radare2 developers that addresses the integer overflow issue.

The patch involves validating input lengths before performing arithmetic operations or using checked arithmetic to prevent overflow.

Since the attack requires local access, restricting local user permissions and access to radare2 may reduce risk until the patch is applied.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart