Upstream information

CVE-2024-29645 at MITRE

Description

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
  CNA (CISA-ADP)
Base Score 7.8
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1234065 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP5
  • radare2 >= 5.9.8-bp155.2.3.1
  • radare2-devel >= 5.9.8-bp155.2.3.1
  • radare2-zsh-completion >= 5.9.8-bp155.2.3.1
 Patchnames:
openSUSE-2024-396
SUSE Package Hub 15 SP6
  • radare2 >= 5.9.8-bp156.4.3.1
  • radare2-devel >= 5.9.8-bp156.4.3.1
  • radare2-zsh-completion >= 5.9.8-bp156.4.3.1
 Patchnames:
openSUSE-2024-397
openSUSE Leap 15.5
  • radare2 >= 5.9.8-bp155.2.3.1
  • radare2-devel >= 5.9.8-bp155.2.3.1
  • radare2-zsh-completion >= 5.9.8-bp155.2.3.1
 Patchnames:
openSUSE-2024-396
openSUSE Leap 15.6
  • radare2 >= 5.9.8-bp156.4.3.1
  • radare2-devel >= 5.9.8-bp156.4.3.1
  • radare2-zsh-completion >= 5.9.8-bp156.4.3.1
 Patchnames:
openSUSE-2024-397
openSUSE Tumbleweed
  • radare2 >= 5.9.8-1.1
  • radare2-devel >= 5.9.8-1.1
  • radare2-zsh-completion >= 5.9.8-1.1
 Patchnames:
openSUSE-Tumbleweed-2024-14569

SUSE Timeline for this CVE

CVE page created: Mon Dec 2 18:01:09 2024
CVE page last modified: Mon Mar 17 12:07:36 2025