{"id":"CVE-2018-11379","details":"The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.","modified":"2026-04-10T02:00:51.767188Z","published":"2018-05-22T19:29:00.427Z","references":[{"type":"ADVISORY","url":"https://github.com/radare/radare2/issues/9926"},{"type":"FIX","url":"https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"c2b7d11ca74cd98eba8912d94ec0973cf2965697"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.0"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"4e1cf0d3e6f6fe2552a269def0af1cd2403e266c"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures_modified":"2026-04-10T02:00:51Z","vanir_signatures":[{"digest":{"line_hashes":["195342921626668978905769797848564384085","299597133818556324622741801796026882732","146360435971586705765915970075424593476","253011028945088115769697052480343597160","118676659225823661518027985482366259852","267021491414392724615190134162672645453","201236357109002593463181426344354295805","301597490813403662632511272824089441371","205956667256020520492458202986329257172","397071036691459829424013577574892142","182298217996095470119496356060637767602","323605138358458446330969518010958749079","214856859076998003940568257498302910684","111881495015248821593256516672388929562","249278781363752697501216326800732786212"],"threshold":0.9},"signature_version":"v1","target":{"file":"libr/bin/format/pe/pe.c"},"source":"https://github.com/radareorg/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c","signature_type":"Line","id":"CVE-2018-11379-239717b8","deprecated":false},{"digest":{"length":195,"function_hash":"291917089660934115897274696791522513554"},"signature_version":"v1","target":{"file":"libr/bin/format/pe/pe.c","function":"get_nb10"},"source":"https://github.com/radareorg/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c","signature_type":"Function","id":"CVE-2018-11379-47683404","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11379.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}