CVE-2023-46569

9.8 CRITICAL

📋 TL;DR

CVE-2023-46569 is an out-of-bounds read vulnerability in radare2's ND32 disassembler that could allow attackers to read sensitive memory contents or cause application crashes. This affects radare2 users analyzing ND32 architecture binaries. The vulnerability exists in the print_insn32_fpu function and has a critical CVSS score of 9.8.

💻 Affected Systems

Products:
  • radare2
Versions: 5.8.9 and earlier versions
Operating Systems: All platforms running radare2
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects ND32 architecture binary analysis. Users must process ND32 binaries to trigger the vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution through memory corruption leading to complete system compromise if radare2 processes untrusted input.

🟠 Likely Case: Application crash (denial of service) or information disclosure through memory read.

🟢 If Mitigated: Limited impact if radare2 only processes trusted binaries in isolated environments.

🌐 Internet-Facing: MEDIUM - radare2 is typically used offline, but web-based analysis tools could expose it.
🏢 Internal Only: MEDIUM - Internal security teams using radare2 for malware analysis could be affected.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issues. Exploitation requires feeding malicious ND32 binaries to radare2.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.10 and later

Vendor Advisory: https://github.com/radareorg/radare2/issues/22334

Restart Required: No

Instructions:

1. Update radare2 to version 5.8.10 or later.
2. Use package manager: 'sudo apt update && sudo apt upgrade radare2' (Debian/Ubuntu) or 'brew upgrade radare2' (macOS).
3. For source builds: git pull, rebuild, and reinstall.

🔧 Temporary Workarounds

Disable ND32 analysis (platform: all)

Avoid analyzing ND32 architecture binaries until patched

# No specific command - avoid using 'r2' on ND32 binaries

Sandbox radare2 execution (platform: linux)

Run radare2 in isolated containers or VMs

docker run --rm -it -v "$(pwd)":/work radare2/radare2:latest r2 /work/binary

🧯 If You Can't Patch

  • Restrict radare2 usage to trusted ND32 binaries only
  • Implement strict input validation and monitoring for radare2 processes

🔍 How to Verify

Check if Vulnerable:

Check radare2 version: 'r2 -v' and verify if version is 5.8.9 or earlier

Check Version:

r2 -v

Verify Fix Applied:

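Confirm version is 5.8.10 or later (the comparison is numeric, so later release lines also pass):

[ "$(printf '%s\n' 5.8.10 "$(r2 -v | awk 'NR==1{print $2}')" | sort -V | head -n 1)" = "5.8.10" ] && echo "Patched"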

📡 Detection & Monitoring

Log Indicators:

  • Radare2 segmentation faults
  • Unexpected memory access errors in system logs

Network Indicators:

  • Unusual network connections from radare2 processes if exploited

SIEM Query:

process.name:"r2" AND (event.action:"segmentation_fault" OR event.action:"memory_access_error")
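
A triage helper for the segmentation-fault log indicator above, added here as an example (it is not part of the advisory or of the radare2 project). It extracts kernel segfault records for r2/radare2 from log text; the Linux kernel record layout and the constructed sample lines are assumptions, and a hit is a crash to investigate, not proof of this CVE.

```shell
#!/bin/sh
# Added example: list kernel-logged segfaults of radare2 processes.
# Assumed record layout (Linux):
#   <comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> [in <object>[...]]
# Reads log text on stdin, prints one summary line per matching crash.
# Usage: journalctl -k | r2_segfaults    or    r2_segfaults < /var/log/kern.log
r2_segfaults() {
    awk '
    {
        for (i = 2; i < NF; i++) {
            if ($i != "segfault" || $(i + 1) != "at") continue
            # Field before "segfault" is "<comm>[<pid>]:"; keep only r2/radare2.
            if ($(i - 1) !~ /^(r2|radare2)\[[0-9]+\]:$/) break
            comm = pid = $(i - 1)
            sub(/\[.*$/, "", comm)
            gsub(/^.*\[|\]:$/, "", pid)
            # The faulting object is optional in the record.
            obj = "unknown"
            for (j = i + 2; j < NF; j++)
                if ($j == "in") { obj = $(j + 1); sub(/\[.*$/, "", obj); break }
            printf "comm=%s pid=%s addr=%s object=%s\n", comm, pid, $(i + 2), obj
            break
        }
    }'
}

# Constructed sample lines (not real crash data).
sample_log() {
    cat <<'EOF'
Nov  2 10:14:07 lab kernel: [  812.441032] r2[4242]: segfault at 7f3a1c5ff000 ip 00007f3a1d2b41c6 sp 00007ffd4c0e2a10 error 4 in libr_arch.so[7f3a1d000000+6f0000]
Nov  2 10:15:31 lab kernel: [  896.002117] nginx[911]: segfault at 0 ip 000055d0c0a1b2c3 sp 00007ffe1a2b3c40 error 4 in nginx[55d0c0a00000+120000]
Nov  2 10:20:02 lab kernel: [ 1167.330254] radare2[5100]: segfault at 10 ip 0000000000401a2c sp 00007ffc00001000 error 6
EOF
}

# Stand-alone run over the constructed sample.
sample_log | r2_segfaults
```

Correlate each hit with the file radare2 was opening at that time, and treat repeated crashes on the same input as a reason to quarantine that sample.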
