CVE-2025-63744

CVE-2025-63744

Name

CVE-2025-63744

Description

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md
cve@mitre.org	https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md
cve@mitre.org	https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79
cve@mitre.org	https://github.com/radareorg/radare2/issues/24661

Type

URI

cve@mitre.org

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-002-radare2-nullptr-deref-bin_dyldcache.md

cve@mitre.org

https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_dyldcache.md

cve@mitre.org

https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79

cve@mitre.org

https://github.com/radareorg/radare2/issues/24661

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
radare2	3.22-community	5.9.8-r0	omni <omni+alpine@hack.org>	possibly vulnerable
radare2	3.22-community	5.8.2-r0	None	possibly vulnerable
radare2	3.22-community	5.8.0-r0	None	possibly vulnerable
radare2	3.22-community	5.7.2-r0	None	possibly vulnerable
radare2	3.22-community	5.7.0-r0	None	possibly vulnerable
radare2	3.22-community	5.6.8-r0	None	possibly vulnerable
radare2	3.22-community	5.6.6-r0	None	possibly vulnerable
radare2	3.22-community	5.6.4-r0	None	possibly vulnerable
radare2	3.22-community	5.6.2-r0	None	possibly vulnerable
radare2	3.22-community	5.6.0-r0	None	possibly vulnerable
radare2	3.22-community	5.5.4-r0	None	possibly vulnerable
radare2	3.22-community	5.5.2-r0	None	possibly vulnerable
radare2	3.22-community	5.4.0-r0	None	possibly vulnerable
radare2	3.22-community	5.3.1-r0	None	possibly vulnerable
radare2	3.22-community	4.5.1-r0	None	possibly vulnerable
radare2	3.22-community	4.5.0-r0	None	possibly vulnerable
radare2	3.22-community	4.4.0-r0	None	possibly vulnerable
radare2	3.22-community	4.0.0-r0	None	possibly vulnerable
radare2	3.22-community	3.9.0-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

radare2

3.22-community

5.9.8-r0

omni <omni+alpine@hack.org>

possibly vulnerable

radare2

3.22-community