CVE-2026-14789 in radare2info

Summary

by MITRE • 07/06/2026

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. The patch is named 175d4addb68981331c85b10681c2161c38fb5762. It is suggested to install a patch to address this issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability identified in radareorg radare2 version 6.1.6 represents a critical stack-based buffer overflow within the Memory64ListStream Parser component of the mdmp.c file in the libr/bin/format/mdmp directory. This flaw exists in the handling of memory dump files and affects the broader binary analysis functionality of the tool. The vulnerability stems from improper bounds checking during the parsing of structured memory dump data streams, specifically when processing the Memory64ListStream which contains information about memory regions within a process. The issue manifests as a classic stack buffer overflow where insufficient validation allows an attacker to write beyond allocated buffer boundaries, potentially corrupting adjacent stack memory and leading to arbitrary code execution or application crashes.

The attack vector requires local system access, meaning an adversary must already have user-level privileges on the target system to exploit this vulnerability. However, given that radare2 is widely used by security researchers, developers, and penetration testers for binary analysis, the impact extends beyond simple local exploitation scenarios. The public availability of the exploit increases the risk significantly since it can be leveraged by malicious actors who gain access to systems running vulnerable versions of radare2. The specific patch identified as 175d4addb68981331c85b10681c2161c38fb5762 addresses the buffer overflow by implementing proper input validation and bounds checking mechanisms within the memory stream parsing logic.

This vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which describes a condition where a program writes data beyond the boundaries of a fixed-length stack buffer. The operational impact of this flaw extends to the integrity and availability of binary analysis operations performed using radare2, potentially compromising security research activities and forensic analysis workflows that depend on reliable parsing of memory dump files. The ATT&CK framework categorizes this vulnerability under T1587 Adversary Infrastructure and T1059 Command and Scripting Interpreter, as exploitation could enable attackers to establish persistent access or escalate privileges through compromised analysis environments.

Organizations relying on radare2 for security research, malware analysis, or system forensics should immediately apply the provided patch to mitigate this vulnerability. The mitigation strategy involves updating to a patched version of radare2 that incorporates proper buffer size validation and memory management practices within the mdmp parsing component. Additionally, system administrators should consider implementing access controls and privilege separation for systems where radare2 is installed to limit potential exploitation scenarios. Regular security assessments of binary analysis toolchains are recommended to identify similar vulnerabilities in other components that may be susceptible to similar buffer overflow conditions.

The broader implications of this vulnerability highlight the importance of secure coding practices in security tools themselves, as these applications often process untrusted input from various sources including malware samples, memory dumps, and other forensic artifacts. The presence of such vulnerabilities in widely-used analysis tools creates a potential attack surface that malicious actors may exploit to compromise the integrity of security research environments or gain unauthorized access to systems through compromised analysis workflows. Security teams should monitor for similar vulnerabilities in other binary analysis frameworks and maintain updated threat intelligence regarding exploits targeting development and security analysis tools.

The vulnerability demonstrates how seemingly specialized components within security tools can contain critical flaws that affect overall system security posture. The Memory64ListStream parser functionality is crucial for processing windows memory dump files, which are commonly encountered during incident response and malware analysis activities. Any compromise of this parsing functionality could result in successful exploitation leading to complete system compromise, making prompt patching essential for maintaining the security of analysis environments that rely on radare2 for their operations.

Responsible

VulDB

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!