{"id":"CVE-2018-20461","details":"In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.","modified":"2026-04-11T14:54:24.910749Z","published":"2018-12-25T19:29:00.603Z","references":[{"type":"FIX","url":"https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267"},{"type":"EVIDENCE","url":"https://github.com/radare/radare2/issues/12375"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"fixed":"b143e1b1b5622ef2f41a90f4c0f7ed4c477caf40"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.1.1"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"a1bc65c3db593530775823d6d7506a457ed95267"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","2.6.0","2.6.9","2.7.0","2.8.0","2.9.0","3.0.0","3.0.1","3.1.0","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-20461-2da2486c","target":{"file":"libr/core/cmd_anal.c"},"digest":{"line_hashes":["141922767497694566857471600417002808574","202971344102847513116706235972988480109","204906643096746229272438816759673927839","246677730259905368784299160301387041098","118961935678002953960032977815270633552","331753373512213627346819294127384268893","163462107992012366078219464097149674579","186667005095909390127282518954691185377","296887138975345231291263535285940170103","192236779187837678520392442297251062244","296934725901617010876648954835534047387","224351623619811101406132695197505232617","36562927369722457557391958214597954523"],"threshold":0.9},"source":"https://github.com/radareorg/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"CVE-2018-20461-7e5c644c","target":{"function":"core_anal_bytes","file":"libr/core/cmd_anal.c"},"digest":{"function_hash":"98473140861514469170234810120418040435","length":8884},"source":"https://github.com/radareorg/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"CVE-2018-20461-c708ff72","target":{"file":"libr/bin/format/mach0/dyldcache.c"},"digest":{"line_hashes":["91826688001801390993882391060580842390","153573451393114912523381648709776456045","76273051819025290594568241401172330628","223983239877208572709103316397190836729","182546693358306982969485629985754146842"],"threshold":0.9},"source":"https://github.com/radare/radare2/commit/b143e1b1b5622ef2f41a90f4c0f7ed4c477caf40","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"CVE-2018-20461-f5af8262","target":{"function":"r_buf_read_string","file":"libr/bin/format/mach0/dyldcache.c"},"digest":{"function_hash":"161720472885181522724332432472867243711","length":217},"source":"https://github.com/radare/radare2/commit/b143e1b1b5622ef2f41a90f4c0f7ed4c477caf40","deprecated":false,"signature_version":"v1","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20461.json","vanir_signatures_modified":"2026-04-11T14:54:24Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}