Description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
Published: 2026-05-15
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in the gdbr_pids_list() function of radare2 6.1.5. It is triggered when a malformed thread information response causes qsThreadInfo to fail after qfThreadInfo has allocated RDebugPid structures. The failure path performs a double‑free of the allocated memory, allowing a remote attacker to corrupt memory, crash the process, or potentially execute arbitrary code.

Affected Systems

The affected product is radare2 version 6.1.5. No other versions are listed as affected in the provided data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, but the EPSS score is not available, so the precise likelihood of exploitation cannot be determined. Because this flaw allows remote attackers to send crafted GDB client responses, it can be exploited over a network where GDB debugging is exposed. The vulnerability is not listed in the CISA KEV catalog, but its potential to cause denial of service or arbitrary code execution warrants close monitoring and rapid remediation.

Generated by OpenCVE AI on May 15, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update radare2 to a version that includes the commit which fixes gdbr_pids_list() (c213ad6…).
  • If an update is not immediately possible, restrict or block GDB debug traffic to trusted hosts or the localhost only by configuring firewall rules.
  • Disable the GDB debugging feature in radare2 as a temporary workaround until a fixed version is applied.

Generated by OpenCVE AI on May 15, 2026 at 22:25 UTC.

Advisories

No advisories yet.

History

Fri, 15 May 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
Title | | radare2 6.1.5 Use-After-Free via gdbr_pids_list()
Weaknesses | | CWE-416
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T20:52:32.575Z

Reserved: 2026-05-15T16:29:43.746Z

Link: CVE-2026-8696

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-15T21:16:39.360

Modified: 2026-05-15T21:16:39.360

Link: CVE-2026-8696

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:30:06Z

Weaknesses