CVE-2025-60358

EUVD-2025-34833
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
radareradare2
𝑥
≤ 5.9.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
radare2
sid
6.0.7+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
radare2
bionic
not-affected
focal
not-affected
jammy
dne
noble
not-affected
plucky
Fixed 5.9.8+dfsg-2ubuntu0.25.04.1
released
questing
Fixed 5.9.8+dfsg-2ubuntu0.25.10.1
released
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/radareorg/radare2/pull/24224