Login Sign Up

CVE-2021-32494

10.0 CRITICAL
Denial of Service

📋 TL;DR

CVE-2021-32494 is a division by zero vulnerability in Radare2's Mach-O parser that allows attackers to cause denial of service through malicious inputs. This affects users who process untrusted Mach-O files with vulnerable Radare2 versions. The vulnerability can crash the application when parsing specially crafted files.

💻 Affected Systems

Products:
  • radare2
Versions: Versions before commit a07dedb804a82bc01c07072861942dd80c6b6d62 (specifically before 5.4.0-git)
Operating Systems: All platforms running Radare2
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing Mach-O files, which is a core function of Radare2. No special configuration required.

📦 What is this software?

Radare2 by Radare

View all CVEs affecting Radare2 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service causing Radare2 to crash when processing malicious Mach-O files, potentially disrupting reverse engineering workflows or automated analysis systems.

🟠

Likely Case

Application crash when processing malicious Mach-O files, requiring restart of Radare2 and potential loss of unsaved work.

🟢

If Mitigated

No impact if patched version is used or if untrusted Mach-O files are not processed.

🌐 Internet-Facing: LOW - Radare2 is typically used as a local analysis tool rather than an internet-facing service.
🏢 Internal Only: MEDIUM - Internal users processing untrusted Mach-O files could experience application crashes affecting productivity.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires providing a malicious Mach-O file to Radare2. The vulnerability is well-documented in public repositories with proof-of-concept examples available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit a07dedb804a82bc01c07072861942dd80c6b6d62 and later, Radare2 5.4.0 and later

Vendor Advisory: https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62

Restart Required: No

Instructions:

1. Update Radare2 to version 5.4.0 or later. 2. If using git version, ensure commit a07dedb804a82bc01c07072861942dd80c6b6d62 is included. 3. Recompile if building from source.

🔧 Temporary Workarounds

Avoid processing untrusted Mach-O files

all

Do not use Radare2 to analyze untrusted Mach-O binary files until patched.

🧯 If You Can't Patch

  • Restrict Radare2 usage to trusted Mach-O files only
  • Implement file validation/sandboxing for Mach-O file processing

🔍 How to Verify

Check if Vulnerable:

Check Radare2 version with 'r2 -v' and verify it's older than 5.4.0, or check if commit a07dedb804a82bc01c07072861942dd80c6b6d62 is not in your build.

Check Version:

r2 -v

Verify Fix Applied:

Update to Radare2 5.4.0 or later and verify version with 'r2 -v', or test with known malicious Mach-O files that previously caused crashes.

📡 Detection & Monitoring

Log Indicators:

  • Radare2 crash logs when processing Mach-O files
  • SIGFPE (floating point exception) signals

Network Indicators:

  • N/A - local tool vulnerability

SIEM Query:

Process:radare2 AND (EventID:1000 OR Signal:SIGFPE)

📊 Metadata

CVE ID: CVE-2021-32494
CVSS v3 Score: 10.0 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-369
Published: July 7, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-32494, you might also want to check these:

CVE-2020-20892 8.8

A division by zero vulnerability in FFmpeg's lens correction filter allows attackers to cause denial...

Same vulnerability type (CWE-369)
CVE-2023-3896 7.8

This vulnerability is a divide-by-zero error in Vim text editor versions 9.0.1367-1 through 9.0.1367...

Same vulnerability type (CWE-369)
CVE-2023-1127 7.8

CVE-2023-1127 is a divide-by-zero vulnerability in Vim text editor that can cause a crash or potenti...

Same vulnerability type (CWE-369)