Source: radare2
Version: 6.0.7+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for radare2.

CVE-2026-8695[0]:
| radare2 6.1.5 contains a use-after-free vulnerability in the
| gdbr_threads_list() function that allows remote attackers to trigger
| memory corruption by sending a valid qfThreadInfo response followed
| by a malformed qsThreadInfo response. Attackers can exploit this
| vulnerability through GDB remote debugging to cause a denial of
| service or potentially achieve code execution by manipulating thread
| list processing.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-8695
    https://www.cve.org/CVERecord?id=CVE-2026-8695
[1] https://github.com/radareorg/radare2/issues/25835
[2] https://github.com/radareorg/radare2/issues/25836
[3] https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c

Regards,
Salvatore

