UBUNTU-CVE-2025-5647

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-5647

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5647.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-5647

Related

CVE-2025-5647

Published

2025-06-05T00:00:00Z

Modified

2025-06-05T17:08:04Z

Severity

2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function rconscontextbreakpop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

References

Affected packages

Ubuntu:Pro:16.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@0.9.6-3.1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.6-3.1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@2.3.0+dfsg-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0+dfsg-1

2.*

2.0.0+dfsg-1

2.1.0+dfsg-1

2.3.0+dfsg-1

2.3.0+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@4.2.1+dfsg-2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.1+dfsg-5build1

4.*

4.0.0+dfsg-1

4.2.1+dfsg-1

4.2.1+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.9.4+dfsg-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0+dfsg-1.1ubuntu3

5.9.0+dfsg-2

5.9.2+dfsg-1

5.9.2+dfsg-1build1

5.9.4+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.5.0+dfsg-1.1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0+dfsg-1ubuntu1

5.5.0+dfsg-1.1ubuntu2

5.5.0+dfsg-1.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.9.8+dfsg-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.4+dfsg-1

5.9.4+dfsg-1build1

5.9.8+dfsg-1

5.9.8+dfsg-1build1

5.9.8+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}