OPENSUSE-SU-2026:20653-1

Vulnerability from csaf_opensuse - Published: 2026-04-29 08:45 - Updated: 2026-04-29 08:45
Summary
Security update for radare2
Severity
Critical
Notes
Title of the patch: Security update for radare2
Description of the patch: This update for radare2 fixes the following issues:

Changes in radare2:

- Update to version 6.1.4 (bsc#1262142, CVE-2026-40499):
  * Analysis: improve autoname scoring, jmptbl detection, and performance
  * Add callargs modifier, rnum expressions, and typed function context
  * Refactor autoname into plugin; extend RAnalPlugin hooks
  * Fix leaks, overflows, and command injection in analysis scripts
  * Improve string detection, wide strings, and switch/case analysis
  * Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support
  * Cache capstone options and improve multi-arch disassembly
  * ASM: add camel syntax support, unify via RArch API
  * Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF)
  * Fix leaks, OOB reads/writes, overflows, and improve bounds checks
  * Improve Swift demangling, ARM hints, relocations, and imports
  * Add nds32 reloc support and optimize kernelcache parsing
  * Build: install to lib64, fix illumos and packaging issues
  * CI: add GitHub Actions and FilC builds
  * Console: fix multiple overflows, OOB issues, and improve performance
  * Core: API renames, plugin load order, sandbox/config fixes
  * Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs)
  * Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver
  * Debug: improve ptrace, winkd support, breakpoints, checkpoints
  * Disasm: cache flag lookups for performance
  * FS/IO: fix leaks, bounds, sparse IO, and device handling
  * HTTP/socket: webserver fixes and SSL fallback handling
  * Print/projects: improve formatting, endian handling, project metadata
  * Pseudo: add while/switch support and cleaner control flow
  * Search/shell: improve commands, parsing, and usability
  * Security: fix widespread command injection and sandbox escapes
  * Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support
  * Types/util: parsing improvements, JSON/base64 updates, optimizations
  * Visual: fix UAF/leaks, improve panels and UX
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.1.4

- Update to version 6.1.2:
  * Analysis: preserve timeouts, improve bb/jmptbl validation and limits
  * Optimize string detection and hot-path functions
  * Add APIs for function signatures, vars limits, and instruction hints
  * Fix overlapped functions, invalid code checks, and large bb handling
  * API: remove deprecated librmagic/filetype APIs and name filter
  * Arch: fix Thumb/endianness issues, add Python pseudo plugin
  * ASM: unify settings via RArch, fix directives, add bf pseudo plugin
  * Bin: improve ELF/Mach-O stripped detection and parsing safety
  * Harden Mach-O bounds, optimize kernelcache and XNU parsing
  * Fix many leaks (DEX, demangler, parsers) and infinite loops
  * Improve DWARF handling and symbol/type extraction
  * Build: improve meson, toolchains, and add ISO/docker support
  * Console: preserve timeout, fix themes and UTF-8 handling
  * Core: fix config bugs, improve startup and addressing support
  * Crash: fix UAF, OOB, race conditions, regex bugs, and overflows
  * Add safety checks across dotnet, Mach-O, DWARF, and webserver
  * Debug/ESIL: safer execution and divide-by-zero handling
  * FS/IO: fix HFS+, dyldcache speedups, safer zip handling
  * Graph: add bb size limit option
  * Print: merge commands, improve UTF-8 and formatting
  * Projects/tools: new configs, plugin support, CLI improvements
  * Search: faster analysis search and block buffering
  * Shell: improve grep/macros and file operations
  * Types: lazy-load, cache, and improve parsing (varargs, structs)
  * Tests: expand fuzzing and test suites
  * General cleanup, performance tuning, and safety improvements
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.1.4

- Update to version 6.1.0:
  * Reimplement RBufRef using RRef; fix RLibDelHandler API
  * Remove stale JAY code; improve analysis performance and CI speed
  * Optimize type propagation, jump tables, and plugin integration
  * Fix infinite loops, antidisasm tricks, and function autonaming
  * Add new analysis options and trace import plugin (DRCOV)
  * Improve RCore seek operations and naming APIs
  * API: add RNum.getErr, enforce safe alloc macros, new helpers
  * Arch: update ARC disasm, refactor sessions, remove unsafe string ops
  * ASM: improve x86 validation, add CIL and ARC pseudo plugins
  * Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use
  * Add/import DWARF types, improve relocations and symbol handling
  * Extensive memory leak fixes and parser hardening across formats
  * Improve string handling, caching, and zero-copy optimizations
  * Build: improve meson, remove zip deps, add 3rd-party plugin support
  * Console: fix UTF-8 graphs and color propagation
  * Core: improve plugin handling and background task stability
  * Crash: fix multiple UAF, OOB, overflows, and injection issues
  * Sanitize inputs (function names, demangler, callconv)
  * Debug: add source breakpoints, ARM64/XNU support, FPU regs
  * Disasm: improve string handling, comments, and color logic
  * ESIL: extend x86 FPU emulation
  * FS/IO: fixes and plugin reorganizations
  * HTTP: fix sandbox webserver issues
  * Hash/tools: minor fixes and output improvements
  * General cleanup, safety checks, and performance optimizations
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.1.0

- Update to version 6.0.8:
  * Migrate r_vector to RVec across core components
  * Refactor and optimize type propagation (now plugin-based)
  * Remove redundant anal.a2f and related duplication
  * Improve caching, memoization, and performance in analysis
  * Fix file corruption, null asserts, and command issues
  * Enhance x86 (AT&T syntax, enter instruction) and z80 support
  * Add initial .NET (CIL) disasm/asm support
  * Improve Java, ELF, Mach-O, APK, and PDB handling
  * Fix demangling, symbols, and relocation issues
  * Resolve multiple memory leaks and parser bugs
  * Fix UAF, OOB, overflows, and command injection vulnerabilities
  * Improve GDB debugging and breakpoint handling
  * Enhance disassembly visuals and color options
  * Update ESIL operators and behavior
  * Add support for APFS, GPT, BSD, APM partitions
  * Improve IO handling and add new plugins
  * Optimize performance (strbuf, memory usage)
  * Improve console UI, themes, and terminal handling
  * Refine SDK builds and CI pipelines
  * Improve CLI tools (rabin2, rasm2, rafs2)
  * Add JSON support and better help/version info
  * Expand type parsing (typedef, enum, union)
  * Improve socket/HTTP handling and downloads
  * Add and refine tests and reporting
  * General cleanup, safety checks, and code modernization
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.0.8

- Update to version 6.0.7:
  * shell: Fix parsing r2 -H$(VARNAME) without a space

- Update to version 6.0.6:
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.0.6

- Update to version 6.0.4:
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.0.4

- Update to version 6.0.2:
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.0.2

- Update to version 6.0.0:
  * ABI changes:
    ~ RCorePlugins now have a session
    ~ Finish the RKons refactoring, all r_cons calls take instance instead of global
    ~ Rename RCrypto to RMuta
    ~ Use RCons instance from RLine
    ~ Rename RIOPlugin.widget to RIOPlugin.data
    ~ Refactor the RRegAlias api
    ~ Camelcase all the RCoreBind methods
  * Breaking API changes:
    ~ Boolify r_cons_rgb_parse
    ~ Add RLogLevel.fromString() and use it from -e log.level=?
    ~ Deprecate r_bin_addr2line
    ~ Rename RBinDbgItem into RBinAddrline
    ~ RNumCalc is now known as RNumMath
    ~ Move RFlagItem.alias into the Meta
    ~ Rename core->offset into core->addr (asm.offset and more!)
    ~ Rename RFlagItem.offset -> addr
  * API changes:
    ~ Boolify r_cons_rgb_parse
    ~ Add RLogLevel.fromString() and use it from -e log.level=?
    ~ Deprecate r_bin_addr2line
    ~ Rename RBinDbgItem into RBinAddrline
    ~ RNumCalc is now known as RNumMath
    ~ Move RFlagItem.alias into the Meta
    ~ Rename core->offset into core->addr (asm.offset and more!)
    ~ Rename RFlagItem.offset -> addr
    ~ Deprecate RLang.list()
    ~ Unified function to jsonify the plugin meta + more fields
    ~ Redesign the REvent API
  * Full changelog is available at:
    https://github.com/radareorg/radare2/releases/tag/6.0.0

- CVE-2025-5641: Fix memory corruption by manipulation of the argument -T (bsc#1244121)
- CVE-2025-1864: Fix buffer overflow and potential code execution (bsc#bsc#1238451)
- CVE-2025-1744: Fix heap-based buffer over-read or buffer overflow (bsc#1238075)
- CVE-2025-1378: Fix memory corruption (bsc#1237250)

- Update to version 5.9.8:
  * Resolved CVE:
    - CVE-2024-29645: buffer overflow vulnerability allows an attacker to
      execute arbitrary code via the parse_die function (boo#1234065).
  For details, check full release notes:
  https://github.com/radareorg/radare2/releases/tag/5.9.8
  https://github.com/radareorg/radare2/releases/tag/5.9.6
  https://github.com/radareorg/radare2/releases/tag/5.9.4
  https://github.com/radareorg/radare2/releases/tag/5.9.2
  https://github.com/radareorg/radare2/releases/tag/5.9.0
Patchnames: openSUSE-Leap-16.0-packagehub-224
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for radare2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for radare2 fixes the following issues:\n\nChanges in radare2:\n\n- Update to version 6.1.4 (bsc#1262142, CVE-2026-40499):\n  * Analysis: improve autoname scoring, jmptbl detection, and performance\n  * Add callargs modifier, rnum expressions, and typed function context\n  * Refactor autoname into plugin; extend RAnalPlugin hooks\n  * Fix leaks, overflows, and command injection in analysis scripts\n  * Improve string detection, wide strings, and switch/case analysis\n  * Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support\n  * Cache capstone options and improve multi-arch disassembly\n  * ASM: add camel syntax support, unify via RArch API\n  * Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF)\n  * Fix leaks, OOB reads/writes, overflows, and improve bounds checks\n  * Improve Swift demangling, ARM hints, relocations, and imports\n  * Add nds32 reloc support and optimize kernelcache parsing\n  * Build: install to lib64, fix illumos and packaging issues\n  * CI: add GitHub Actions and FilC builds\n  * Console: fix multiple overflows, OOB issues, and improve performance\n  * Core: API renames, plugin load order, sandbox/config fixes\n  * Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs)\n  * Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver\n  * Debug: improve ptrace, winkd support, breakpoints, checkpoints\n  * Disasm: cache flag lookups for performance\n  * FS/IO: fix leaks, bounds, sparse IO, and device handling\n  * HTTP/socket: webserver fixes and SSL fallback handling\n  * Print/projects: improve formatting, endian handling, project metadata\n  * Pseudo: add while/switch support and cleaner control flow\n  * Search/shell: improve commands, parsing, and usability\n  * Security: fix widespread command injection and sandbox escapes\n  * Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support\n  * Types/util: parsing improvements, JSON/base64 updates, optimizations\n 
 * Visual: fix UAF/leaks, improve panels and UX\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.1.4\n\n- Update to version 6.1.2:\n  * Analysis: preserve timeouts, improve bb/jmptbl validation and limits\n  * Optimize string detection and hot-path functions\n  * Add APIs for function signatures, vars limits, and instruction hints\n  * Fix overlapped functions, invalid code checks, and large bb handling\n  * API: remove deprecated librmagic/filetype APIs and name filter\n  * Arch: fix Thumb/endianness issues, add Python pseudo plugin\n  * ASM: unify settings via RArch, fix directives, add bf pseudo plugin\n  * Bin: improve ELF/Mach-O stripped detection and parsing safety\n  * Harden Mach-O bounds, optimize kernelcache and XNU parsing\n  * Fix many leaks (DEX, demangler, parsers) and infinite loops\n  * Improve DWARF handling and symbol/type extraction\n  * Build: improve meson, toolchains, and add ISO/docker support\n  * Console: preserve timeout, fix themes and UTF-8 handling\n  * Core: fix config bugs, improve startup and addressing support\n  * Crash: fix UAF, OOB, race conditions, regex bugs, and overflows\n  * Add safety checks across dotnet, Mach-O, DWARF, and webserver\n  * Debug/ESIL: safer execution and divide-by-zero handling\n  * FS/IO: fix HFS+, dyldcache speedups, safer zip handling\n  * Graph: add bb size limit option\n  * Print: merge commands, improve UTF-8 and formatting\n  * Projects/tools: new configs, plugin support, CLI improvements\n  * Search: faster analysis search and block buffering\n  * Shell: improve grep/macros and file operations\n  * Types: lazy-load, cache, and improve parsing (varargs, structs)\n  * Tests: expand fuzzing and test suites\n  * General cleanup, performance tuning, and safety improvements\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.1.4\n\n- Update to version 6.1.0:\n  * Reimplement RBufRef using RRef; fix RLibDelHandler API\n  
* Remove stale JAY code; improve analysis performance and CI speed\n  * Optimize type propagation, jump tables, and plugin integration\n  * Fix infinite loops, antidisasm tricks, and function autonaming\n  * Add new analysis options and trace import plugin (DRCOV)\n  * Improve RCore seek operations and naming APIs\n  * API: add RNum.getErr, enforce safe alloc macros, new helpers\n  * Arch: update ARC disasm, refactor sessions, remove unsafe string ops\n  * ASM: improve x86 validation, add CIL and ARC pseudo plugins\n  * Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use\n  * Add/import DWARF types, improve relocations and symbol handling\n  * Extensive memory leak fixes and parser hardening across formats\n  * Improve string handling, caching, and zero-copy optimizations\n  * Build: improve meson, remove zip deps, add 3rd-party plugin support\n  * Console: fix UTF-8 graphs and color propagation\n  * Core: improve plugin handling and background task stability\n  * Crash: fix multiple UAF, OOB, overflows, and injection issues\n  * Sanitize inputs (function names, demangler, callconv)\n  * Debug: add source breakpoints, ARM64/XNU support, FPU regs\n  * Disasm: improve string handling, comments, and color logic\n  * ESIL: extend x86 FPU emulation\n  * FS/IO: fixes and plugin reorganizations\n  * HTTP: fix sandbox webserver issues\n  * Hash/tools: minor fixes and output improvements\n  * General cleanup, safety checks, and performance optimizations\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.1.0\n\n- Update to version 6.0.8:\n  * Migrate r_vector to RVec across core components\n  * Refactor and optimize type propagation (now plugin-based)\n  * Remove redundant anal.a2f and related duplication\n  * Improve caching, memoization, and performance in analysis\n  * Fix file corruption, null asserts, and command issues\n  * Enhance x86 (AT\u0026T syntax, enter instruction) and z80 support\n  * Add initial .NET 
(CIL) disasm/asm support\n  * Improve Java, ELF, Mach-O, APK, and PDB handling\n  * Fix demangling, symbols, and relocation issues\n  * Resolve multiple memory leaks and parser bugs\n  * Fix UAF, OOB, overflows, and command injection vulnerabilities\n  * Improve GDB debugging and breakpoint handling\n  * Enhance disassembly visuals and color options\n  * Update ESIL operators and behavior\n  * Add support for APFS, GPT, BSD, APM partitions\n  * Improve IO handling and add new plugins\n  * Optimize performance (strbuf, memory usage)\n  * Improve console UI, themes, and terminal handling\n  * Refine SDK builds and CI pipelines\n  * Improve CLI tools (rabin2, rasm2, rafs2)\n  * Add JSON support and better help/version info\n  * Expand type parsing (typedef, enum, union)\n  * Improve socket/HTTP handling and downloads\n  * Add and refine tests and reporting\n  * General cleanup, safety checks, and code modernization\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.0.8\n\n- Update to version 6.0.7:\n  * shell: Fix parsing r2 -H$(VARNAME) without a space\n\n- Update to version 6.0.6:\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.0.6\n\n- Update to version 6.0.4:\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.0.4\n\n- Update to version 6.0.2:\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.0.2\n\n- Update to version 6.0.0:\n  * ABI changes:\n    ~ RCorePlugins now have a session\n    ~ Finish the RKons refactoring, all r_cons calls take instance instead of global\n    ~ Rename RCrypto to RMuta\n    ~ Use RCons instance from RLine\n    ~ Rename RIOPlugin.widget to RIOPlugin.data\n    ~ Refactor the RRegAlias api\n    ~ Camelcase all the RCoreBind methods\n  * Breaking API changes:\n    ~ Boolify r_cons_rgb_parse\n    ~ Add RLogLevel.fromString() and use it from -e log.level=?\n    ~ 
Deprecate r_bin_addr2line\n    ~ Rename RBinDbgItem into RBinAddrline\n    ~ RNumCalc is now known as RNumMath\n    ~ Move RFlagItem.alias into the Meta\n    ~ Rename core-\u003eoffset into core-\u003eaddr (asm.offset and more!)\n    ~ Rename RFlagItem.offset -\u003e addr\n  * API changes:\n    ~ Boolify r_cons_rgb_parse\n    ~ Add RLogLevel.fromString() and use it from -e log.level=?\n    ~ Deprecate r_bin_addr2line\n    ~ Rename RBinDbgItem into RBinAddrline\n    ~ RNumCalc is now known as RNumMath\n    ~ Move RFlagItem.alias into the Meta\n    ~ Rename core-\u003eoffset into core-\u003eaddr (asm.offset and more!)\n    ~ Rename RFlagItem.offset -\u003e addr\n    ~ Deprecate RLang.list()\n    ~ Unified function to jsonify the plugin meta + more fields\n    ~ Redesign the REvent API\n  * Full changelog is available at:\n    https://github.com/radareorg/radare2/releases/tag/6.0.0\n\n- CVE-2025-5641: Fix memory corruption by manipulation of the argument -T (bsc#1244121)\n- CVE-2025-1864: Fix buffer overflow and potential code execution (bsc#bsc#1238451)\n- CVE-2025-1744: Fix heap-based buffer over-read or buffer overflow (bsc#1238075)\n- CVE-2025-1378: Fix memory corruption (bsc#1237250)\n\n- Update to version 5.9.8:\n  * Resolved CVE:\n    - CVE-2024-29645: buffer overflow vulnerability allows an attacker to\n      execute arbitrary code via the parse_die function (boo#1234065).\n  For details, check full release notes:\n  https://github.com/radareorg/radare2/releases/tag/5.9.8\n  https://github.com/radareorg/radare2/releases/tag/5.9.6\n  https://github.com/radareorg/radare2/releases/tag/5.9.4\n  https://github.com/radareorg/radare2/releases/tag/5.9.2\n  https://github.com/radareorg/radare2/releases/tag/5.9.0\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-packagehub-224",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20653-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234065",
        "url": "https://bugzilla.suse.com/1234065"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237250",
        "url": "https://bugzilla.suse.com/1237250"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238075",
        "url": "https://bugzilla.suse.com/1238075"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238451",
        "url": "https://bugzilla.suse.com/1238451"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244121",
        "url": "https://bugzilla.suse.com/1244121"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262142",
        "url": "https://bugzilla.suse.com/1262142"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29645 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1378 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1378/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1744 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1744/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1864 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1864/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-5641 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-5641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-40499 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-40499/"
      }
    ],
    "title": "Security update for radare2",
    "tracking": {
      "current_release_date": "2026-04-29T08:45:46Z",
      "generator": {
        "date": "2026-04-29T08:45:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:20653-1",
      "initial_release_date": "2026-04-29T08:45:46Z",
      "revision_history": [
        {
          "date": "2026-04-29T08:45:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
                "product": {
                  "name": "libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
                  "product_id": "libsdb2_4_2-6.1.4-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-6.1.4-bp160.1.1.aarch64",
                "product": {
                  "name": "radare2-6.1.4-bp160.1.1.aarch64",
                  "product_id": "radare2-6.1.4-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-devel-6.1.4-bp160.1.1.aarch64",
                "product": {
                  "name": "radare2-devel-6.1.4-bp160.1.1.aarch64",
                  "product_id": "radare2-devel-6.1.4-bp160.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "radare2-zsh-completion-6.1.4-bp160.1.1.noarch",
                "product": {
                  "name": "radare2-zsh-completion-6.1.4-bp160.1.1.noarch",
                  "product_id": "radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
                  "product_id": "libsdb2_4_2-6.1.4-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-6.1.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "radare2-6.1.4-bp160.1.1.ppc64le",
                  "product_id": "radare2-6.1.4-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-devel-6.1.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "radare2-devel-6.1.4-bp160.1.1.ppc64le",
                  "product_id": "radare2-devel-6.1.4-bp160.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsdb2_4_2-6.1.4-bp160.1.1.s390x",
                "product": {
                  "name": "libsdb2_4_2-6.1.4-bp160.1.1.s390x",
                  "product_id": "libsdb2_4_2-6.1.4-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-6.1.4-bp160.1.1.s390x",
                "product": {
                  "name": "radare2-6.1.4-bp160.1.1.s390x",
                  "product_id": "radare2-6.1.4-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-devel-6.1.4-bp160.1.1.s390x",
                "product": {
                  "name": "radare2-devel-6.1.4-bp160.1.1.s390x",
                  "product_id": "radare2-devel-6.1.4-bp160.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
                "product": {
                  "name": "libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
                  "product_id": "libsdb2_4_2-6.1.4-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-6.1.4-bp160.1.1.x86_64",
                "product": {
                  "name": "radare2-6.1.4-bp160.1.1.x86_64",
                  "product_id": "radare2-6.1.4-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "radare2-devel-6.1.4-bp160.1.1.x86_64",
                "product": {
                  "name": "radare2-devel-6.1.4-bp160.1.1.x86_64",
                  "product_id": "radare2-devel-6.1.4-bp160.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsdb2_4_2-6.1.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64"
        },
        "product_reference": "libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsdb2_4_2-6.1.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le"
        },
        "product_reference": "libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsdb2_4_2-6.1.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x"
        },
        "product_reference": "libsdb2_4_2-6.1.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsdb2_4_2-6.1.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64"
        },
        "product_reference": "libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-6.1.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64"
        },
        "product_reference": "radare2-6.1.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-6.1.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le"
        },
        "product_reference": "radare2-6.1.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-6.1.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x"
        },
        "product_reference": "radare2-6.1.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-6.1.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64"
        },
        "product_reference": "radare2-6.1.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-devel-6.1.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64"
        },
        "product_reference": "radare2-devel-6.1.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-devel-6.1.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le"
        },
        "product_reference": "radare2-devel-6.1.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-devel-6.1.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x"
        },
        "product_reference": "radare2-devel-6.1.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-devel-6.1.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64"
        },
        "product_reference": "radare2-devel-6.1.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "radare2-zsh-completion-6.1.4-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        },
        "product_reference": "radare2-zsh-completion-6.1.4-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-29645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29645",
          "url": "https://www.suse.com/security/cve/CVE-2024-29645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234065 for CVE-2024-29645",
          "url": "https://bugzilla.suse.com/1234065"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-29T08:45:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-29645"
    },
    {
      "cve": "CVE-2025-1378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1378",
          "url": "https://www.suse.com/security/cve/CVE-2025-1378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237250 for CVE-2025-1378",
          "url": "https://bugzilla.suse.com/1237250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-29T08:45:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-1378"
    },
    {
      "cve": "CVE-2025-1744",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1744"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Write vulnerability in radareorg radare2 allows \n\nheap-based buffer over-read or buffer overflow.This issue affects radare2: before \u003c5.9.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1744",
          "url": "https://www.suse.com/security/cve/CVE-2025-1744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238075 for CVE-2025-1744",
          "url": "https://bugzilla.suse.com/1238075"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-29T08:45:46Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-1744"
    },
    {
      "cve": "CVE-2025-1864",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1864"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before \u003c5.9.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1864",
          "url": "https://www.suse.com/security/cve/CVE-2025-1864"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238451 for CVE-2025-1864",
          "url": "https://bugzilla.suse.com/1238451"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-29T08:45:46Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-1864"
    },
    {
      "cve": "CVE-2025-5641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-5641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". An additional warning regarding threading support has been added.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-5641",
          "url": "https://www.suse.com/security/cve/CVE-2025-5641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244121 for CVE-2025-5641",
          "url": "https://bugzilla.suse.com/1244121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-29T08:45:46Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-5641"
    },
    {
      "cve": "CVE-2026-40499",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-40499"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser\u0027s print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted section names to inject r2 commands that are executed when the idp command processes the file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-40499",
          "url": "https://www.suse.com/security/cve/CVE-2026-40499"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262142 for CVE-2026-40499",
          "url": "https://bugzilla.suse.com/1262142"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:libsdb2_4_2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:radare2-devel-6.1.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:radare2-zsh-completion-6.1.4-bp160.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-29T08:45:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-40499"
    }
  ]
}

