UBUNTU-CVE-2026-4174

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-4174

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4174.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-4174

Upstream

CVE-2026-4174

Published

2026-03-16T14:19:00Z

Modified

2026-04-22T16:33:20.406930Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. Upgrading to version 6.1.2 is capable of addressing this issue. The name of the patch is 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the affected component. The code maintainer states that, "[he] wont consider this bug a DoS".

References

Affected packages

Ubuntu:16.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@0.9.6-3.1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.6-3.1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "libradare2-0.9.6"
        },
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "radare2"
        },
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "radare2-plugins"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4174.json"

Ubuntu:Pro:18.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@2.3.0+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0+dfsg-1

2.*

2.0.0+dfsg-1

2.1.0+dfsg-1

2.3.0+dfsg-1

2.3.0+dfsg-2

2.3.0+dfsg-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.0+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-2.3"
        },
        {
            "binary_version": "2.3.0+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "2.3.0+dfsg-2ubuntu0.1~esm1",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4174.json"

Ubuntu:Pro:20.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@4.2.1+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.1+dfsg-5build1

4.*

4.0.0+dfsg-1

4.2.1+dfsg-1

4.2.1+dfsg-2

4.2.1+dfsg-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.2.1+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-4.2.1"
        },
        {
            "binary_version": "4.2.1+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "4.2.1+dfsg-2ubuntu0.1~esm1",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4174.json"

Ubuntu:Pro:24.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.5.0+dfsg-1.1ubuntu3+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0+dfsg-1ubuntu1

5.5.0+dfsg-1.1ubuntu2

5.5.0+dfsg-1.1ubuntu3

5.5.0+dfsg-1.1ubuntu3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.5.0+dfsg-1.1ubuntu3+esm1",
            "binary_name": "libradare2-5.0.0t64"
        },
        {
            "binary_version": "5.5.0+dfsg-1.1ubuntu3+esm1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "5.5.0+dfsg-1.1ubuntu3+esm1",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4174.json"

Ubuntu:25.10 / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.9.8+dfsg-2ubuntu0.25.10.2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.8+dfsg-2

5.9.8+dfsg-2ubuntu0.25.10.1

5.9.8+dfsg-2ubuntu0.25.10.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.9.8+dfsg-2ubuntu0.25.10.2",
            "binary_name": "libradare2-5.0.0t64"
        },
        {
            "binary_version": "5.9.8+dfsg-2ubuntu0.25.10.2",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "5.9.8+dfsg-2ubuntu0.25.10.2",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4174.json"