{"id":"CVE-2018-19842","details":"getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","modified":"2026-04-11T14:54:32.971126Z","published":"2018-12-04T09:29:00.710Z","references":[{"type":"FIX","url":"https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432"},{"type":"EVIDENCE","url":"https://github.com/radare/radare2/issues/12239"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"fixed":"c033496ebc7034e52a84be9cdb2d2dfad6a4cfac"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.1.0"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"66191f780863ea8c66ace4040d0d04a8842e8432"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","2.6.0","2.6.9","2.7.0","2.8.0","2.9.0","3.0.0","3.0.1","radare2-windows-nightly","termux"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19842.json","vanir_signatures_modified":"2026-04-11T14:54:32Z","vanir_signatures":[{"deprecated":false,"source":"https://github.com/radareorg/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432","target":{"file":"libr/asm/p/asm_x86_nz.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["17289356862643552779117616738638230764","218863782527369619721098549656350751255","290320381442572029114878873901956750113","297897495203835988794858844677240805684","177271434313444291677729203373867461009","35651211959063986914497847455555591644","80975977767538660953709823931627412248","313607390506123454966458181526683900340","289432130671053739689270343446895357773","191636119298625527863592410983501793028","22809562492750362425439120063100732326","58660093387601925117607657048549441976","215235810792463894212391932677201206971","297697175989800728676707968863080534874","120708633053791330654917401913261671029","88629528405458015762772855361877408566","241086510162143667321637698022623388458"]},"signature_type":"Line","id":"CVE-2018-19842-05c1c3e4"},{"deprecated":false,"source":"https://github.com/radareorg/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432","target":{"file":"libr/asm/p/asm_x86_nz.c","function":"getToken"},"signature_version":"v1","digest":{"function_hash":"137780432575582775683134105875768059340","length":634},"signature_type":"Function","id":"CVE-2018-19842-22a0d70d"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}