CVE-2021-4021 — Vulnetix

CVE-2021-4021 PUBLISHED CVSS 7.5 HIGH

A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.

EPSS 0.44% · 63.2th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.44%

63.2th percentile

Affected Products

Vendor	Product	Versions
n/a	radare2	radare2 5.6.2, radare2 5.6.0, radare2 5.5.4 and radare2 5.5.2
radare	radare2	0

Timeline

Feb 24, 2022 CVE Published
Feb 25, 2022 EPSS Score
Apr 18, 2022 EPSS Score
Jun 9, 2022 EPSS Score
Jul 31, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 12, 2022 EPSS Score
Jan 3, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 16, 2023 EPSS Score
Jun 7, 2023 EPSS Score

References

https://github.com/radareorg/radare2/issues/19436 url
https://nvd.nist.gov/vuln/detail/CVE-2021-4021 advisory

Open in Interactive Console →