CVE-2024-29645

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in radare2 v5.8.8 allows attackers to execute arbitrary code by exploiting the parse_die function. This affects users running vulnerable versions of the radare2 reverse engineering framework. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • radare2
Versions: v5.8.8 and potentially earlier versions (specific range not confirmed)
Operating Systems: All platforms running radare2
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing specially crafted input through the parse_die function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or arbitrary code execution when processing malicious files with radare2.

🟢 If Mitigated

Limited impact with proper sandboxing and least privilege principles applied.

🌐 Internet-Facing: LOW - radare2 is typically used locally for reverse engineering, not as an internet-facing service.
🏢 Internal Only: MEDIUM - Internal users could exploit this if they can supply malicious input files to radare2.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting specific input to trigger the buffer overflow. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 72bf3a486fa851797aa21887a40ba0e3d3a6d620 and later

Vendor Advisory: https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620

Restart Required: No

Instructions:

1. Update radare2 to the latest version from the official repository.
2. For v5.8.8 users: apply the patch from commit 72bf3a486fa851797aa21887a40ba0e3d3a6d620.
3. Recompile radare2 from source if using a custom build.

🔧 Temporary Workarounds

Restrict file processing (platform: all)

Limit radare2 usage to trusted files only and avoid processing untrusted input.

Sandbox execution (platform: linux)

Run radare2 in a sandboxed environment with limited privileges.

  firejail radare2 [file]
  bwrap --ro-bind / / --dev /dev --proc /proc radare2 [file]

🧯 If You Can't Patch

  • Run radare2 with minimal privileges (non-root user)
  • Use containerization to isolate radare2 execution from host system

🔍 How to Verify

Check if Vulnerable:

Check radare2 version: radare2 -v. If version is 5.8.8 or earlier, assume vulnerable.

Check Version:

radare2 -v | head -1

Verify Fix Applied:

Verify radare2 version is newer than 5.8.8 or includes commit 72bf3a486fa851797aa21887a40ba0e3d3a6d620.
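
The version check above as a script, for use in fleet or CI inventory (an added example, not code from the radare2 project or this advisory). It assumes the first line of `radare2 -v` has the form "radare2 <version> ..."; the sample banner and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the "5.8.8 or earlier" rule to `radare2 -v` output.
# Assumption: the banner's first line has the form "radare2 <version> ...".

# Constructed sample banner, not captured from a real installation.
SAMPLE_BANNER='radare2 5.8.8 0 @ linux-x86-64'

# Print the version token from the first line of a banner.
r2_version_from_banner() {
    printf '%s\n' "$1" | head -n 1 | awk '$1 == "radare2" { print $2 }'
}

# Return 0 if version <= 5.8.8, 1 if newer, 2 if it cannot be parsed.
r2_assume_vulnerable() {
    ver=${1%%-*}                 # drop a suffix such as "-git"
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                  # split into major minor patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 5 ] && return 0
    [ "$major" -gt 5 ] && return 1
    [ "$minor" -lt 8 ] && return 0
    [ "$minor" -gt 8 ] && return 1
    [ "$patch" -le 8 ] && return 0
    return 1
}

# Map a banner to a verdict string for scripts and inventory reports.
r2_verdict() {
    rc=0
    r2_assume_vulnerable "$(r2_version_from_banner "$1")" || rc=$?
    case $rc in
        0) echo "assume-vulnerable" ;;
        1) echo "newer-than-5.8.8" ;;
        *) echo "unknown" ;;
    esac
}

# Check the local install only if radare2 is on PATH.
if command -v radare2 >/dev/null 2>&1; then
    r2_verdict "$(radare2 -v 2>/dev/null)"
fi
```

The version string cannot show whether a source build already includes the fix commit, so treat "assume-vulnerable" on a custom build as a prompt to check the build's commit.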

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or abnormal termination of radare2 processes
  • Unusual memory usage patterns in radare2

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process:radare2 AND (EventID:1000 OR ExceptionCode:c0000005) OR Process:radare2 AND Memory:HighUsage
