{"id":"CVE-2018-11384","details":"The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.","modified":"2026-04-11T06:58:38.537567Z","published":"2018-05-22T19:29:00.663Z","references":[{"type":"ADVISORY","url":"https://github.com/radare/radare2/issues/9903"},{"type":"FIX","url":"https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"c2b7d11ca74cd98eba8912d94ec0973cf2965697"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.0"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"77c47cf873dd55b396da60baa2ca83bbd39e4add"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-11384-91ba5710","source":"https://github.com/radareorg/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["189433578542933982838747256574816422227","158735569826761234377372695041498042996","35313078242998185992414146927014225632","195564036888377431558360896683666571693","256212223745787217962407506107919491637"]},"target":{"file":"libr/anal/p/anal_sh.c"},"signature_version":"v1","signature_type":"Line"},{"id":"CVE-2018-11384-dbad63a8","source":"https://github.com/radareorg/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add","deprecated":false,"digest":{"length":594,"function_hash":"54169014298782402503783014203937854054"},"target":{"file":"libr/anal/p/anal_sh.c","function":"sh_op"},"signature_version":"v1","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11384.json","vanir_signatures_modified":"2026-04-11T06:58:38Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}