Source: radare2
Version: 6.0.7+ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/radareorg/radare2/issues/25482
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for radare2.

CVE-2026-4174[0]:
| A vulnerability has been found in Radare2 5.9.9. This issue affects
| the function walk_exports_trie of the file
| libr/bin/format/mach0/mach0.c of the component Mach-O File Parser.
| Such manipulation leads to resource consumption. The attack can only
| be performed from a local environment. The exploit has been
| disclosed to the public and may be used. The existence of this
| vulnerability is still disputed at present. Upgrading to version
| 6.1.2 is capable of addressing this issue. The name of the patch is
| 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the
| affected component. The code maintainer states that, "[he] wont
| consider this bug a DoS".

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-4174
    https://www.cve.org/CVERecord?id=CVE-2026-4174
[1] https://github.com/radareorg/radare2/issues/25482
[2] https://github.com/radareorg/radare2/commit/4371ae84c99c46b48cb21badbbef06b30757aba0

Regards,
Salvatore

