CVE-2026-14758
Received Received - Intake

Integer Overflow in radare2 Hexpairs Parser

Vulnerability report for CVE-2026-14758, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-05

Last updated on: 2026-07-05

Assigner: VulDB

Description

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-05
Last Modified
2026-07-05
Generated
2026-07-05
AI Q&A
2026-07-05
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
radareorg radare2 to 6.1.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a signed integer overflow in the radare2 tool, specifically in the hexpairs parsing function related to opcode analysis.

An attacker can craft a specially formatted input, such as a large repeat count in a format string, which causes the internal index calculation to overflow. This overflow leads to undefined behavior and can cause the program to crash or behave unexpectedly.

The issue occurs because the function does not properly check if the repeat count is too large before using it in arithmetic operations, allowing the overflow to happen.

Impact Analysis

This vulnerability can cause the radare2 tool to crash or behave unpredictably when processing crafted inputs locally.

Since the attack requires local access, an attacker with limited privileges could exploit this to cause denial of service or potentially destabilize the application.

The exploit is publicly available, which increases the risk of exploitation if the vulnerable version is used without the patch.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the integer overflow condition using a crafted input that triggers the overflow in the hexpairs parsing function.

A proof-of-concept involves using a specially crafted format string such as `b[2147483647]X` which causes the function to overflow and can be detected by running radare2 with sanitizer flags enabled (e.g., UBSan) to catch the signed integer overflow error.

Specifically, running radare2 with the crafted input and sanitizers enabled can reveal the overflow issue.

  • Use the PoC input `b[2147483647]X` in radare2 to trigger the overflow.
  • Run radare2 with Undefined Behavior Sanitizer (UBSan) enabled to detect signed integer overflow errors.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The immediate mitigation step is to apply the official patch identified by commit 84e773986e7e5bb30453a9384f498ec0ccc9d0a9.

This patch adds validation to ensure that opcode count values do not exceed safe limits, preventing the integer overflow and potential crash.

Until the patch is applied, avoid processing untrusted or crafted inputs that could trigger the overflow.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14758. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart