A security flaw has been discovered in radareorg radare2...
Low severity
Unreviewed
Published
Jul 5, 2026
to the GitHub Advisory Database
•
Updated Jul 5, 2026
Description
Published by the National Vulnerability Database
Jul 5, 2026
Published to the GitHub Advisory Database
Jul 5, 2026
Last updated
Jul 5, 2026
A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function r_bin_java_inner_classes_attr_calc_size of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The patch is named cd62d15a6cbecdc67fd03f3ebdbbbeb741d18f87. To fix this issue, it is recommended to deploy a patch.
References