{"id":"CVE-2021-32495","details":"Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.\n\n","modified":"2026-04-11T17:12:36.108776Z","published":"2023-07-07T19:15:09.600Z","references":[{"type":"FIX","url":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"},{"type":"FIX","url":"https://github.com/radareorg/radare2/issues/18666"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"ee753c25094c6e1c62dfb9596423824251dbc943"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.3.0"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","2.6.0","2.6.9","2.7.0","2.8.0","2.9.0","3.0.0","3.0.1","3.1.0","3.1.1","3.1.2","3.1.3","3.2.0","3.2.1","3.3.0","3.4.0","3.4.1","3.5.0","3.5.1","3.6.0","3.7.0","3.7.1","3.8.0","3.9.0","4.0.0","4.1.0","4.1.1","4.2.0","4.2.1","4.3.0","4.3.1","4.4.0","4.5.1","5.0.0","5.1.0","5.1.1","5.2.0","5.2.1","5.3.0","Continuous-Windows","continuous","radare2-windows-nightly","release-5.0.0","termux"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32495.json","vanir_signatures":[{"target":{"file":"libr/bin/format/pyc/marshal.c","function":"get_none_object"},"source":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","signature_version":"v1","id":"CVE-2021-32495-89e7b878","deprecated":false,"digest":{"function_hash":"281144442903635776283408469084151380870","length":228},"signature_type":"Function"},{"target":{"file":"libr/bin/format/pyc/marshal.c"},"source":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","signature_version":"v1","id":"CVE-2021-32495-e60a11fd","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["293727422535202617895383407783017198569","325426534639164205903082921648749687711","228831602891691957477592427643617201977","224186186095923557659101101390381017579","212850913520644578786064218748185165524","172004653938665698361432276404790548809","26425263749308728204585716171309190508","149829655951370627201221230733046478701","246419025862705036512837914482105705955","228127056506232150828101904703011610912"]},"signature_type":"Line"},{"target":{"file":"libr/bin/format/pyc/marshal.c","function":"get_object"},"source":"https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05","signature_version":"v1","id":"CVE-2021-32495-f6dc3e9a","deprecated":false,"digest":{"function_hash":"152887779541464158850990740854948468430","length":2432},"signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T17:12:36Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}