CVE-2026-14761
Received Received - Intake

Integer Overflow in radare2

Vulnerability report for CVE-2026-14761, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-05

Last updated on: 2026-07-05

Assigner: VulDB

Description

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function r_str_ndup/r_str_append of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is a20a56917ae85d732e683f8d9078bdcfee92446c. Applying a patch is the recommended action to fix this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-05
Last Modified
2026-07-05
Generated
2026-07-05
AI Q&A
2026-07-05
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
radareorg radare2 to 6.1.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a signed integer overflow in the radare2 project's string handling functions, specifically in r_str_ndup and r_str_append within the file libr/util/str.c. The issue arises because the code used an int type for string length calculations, which can overflow when processing large strings. This overflow can lead to memory corruption and potentially cause the program to crash.

The vulnerability requires local access to exploit and has been publicly disclosed. The fix involves changing the length variables from int to size_t (an unsigned type) to prevent overflow, improving memory reallocation handling, and ensuring proper cleanup if memory allocation fails.

Impact Analysis

Exploiting this vulnerability can lead to memory corruption and program crashes in radare2 when handling large strings. Since the attack requires local access, an attacker with limited privileges could cause denial of service by crashing the application or potentially exploit the memory corruption for further attacks.

Detection Guidance

This vulnerability affects the radareorg radare2 software up to version 6.1.6, specifically in the r_str_ndup/r_str_append functions. Detection involves identifying if this vulnerable version of radare2 is installed on your system.

You can check the installed version of radare2 by running the following command in your terminal:

  • radare2 -v

If the version is 6.1.6 or earlier, your system is potentially vulnerable. Since the exploit requires local access and involves integer overflow in string handling functions, monitoring for unusual crashes or memory corruption in radare2 usage logs may also help detect exploitation attempts.

Mitigation Strategies

The recommended immediate mitigation is to apply the patch identified by commit a20a56917ae85d732e683f8d9078bdcfee92446c, which fixes the integer overflow by changing the length variables from int to size_t and improving memory handling.

If patching is not immediately possible, consider restricting local access to radare2 to trusted users only, as the attack requires local access.

Regularly update radare2 to the latest version beyond 6.1.6 where this vulnerability is fixed.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14761. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart