Radare2 Crash Alert: CVE-2025-63744 NULL Pointer Dereference in bin_dyldcache.c

Overview

A NULL pointer dereference vulnerability, identified as CVE-2025-63744, affects radare2 versions 6.0.5 and earlier. This vulnerability resides in the load() function of the bin_dyldcache.c file. By processing a specially crafted file, an attacker can trigger a segmentation fault, leading to a program crash. This can disrupt radare2’s functionality and potentially hinder security analysis tasks.

Technical Details

The vulnerability stems from a missing NULL check before a pointer is dereferenced in the load() function in bin_dyldcache.c. When radare2 processes a malicious or corrupted dyldcache file, a specific condition can leave the pointer NULL. The subsequent access through that pointer is a NULL dereference, which crashes the application with a segmentation fault.

CVSS Analysis

Currently, the CVSS score is not available (N/A) for CVE-2025-63744. While the vulnerability leads to a denial-of-service condition (crash), the lack of information regarding exploitability and impact on confidentiality, integrity, and availability prevents a more precise CVSS assessment. Further analysis is required to determine the exploitability and overall risk associated with this vulnerability.

Possible Impact

The primary impact of CVE-2025-63744 is a denial-of-service (DoS). A successful exploit will cause radare2 to crash, interrupting any ongoing analysis. This could be leveraged to hinder reverse engineering efforts, malware analysis, or vulnerability research. While a crash alone might not seem severe, it can be detrimental in time-sensitive or critical security investigations.

Mitigation or Patch Steps

The recommended mitigation is to update to a version of radare2 that includes the fix for this vulnerability. The fix is available in the following commit:

Users are advised to regularly update their radare2 installations to benefit from the latest security patches and bug fixes. If updating is not immediately possible, exercise caution when processing untrusted dyldcache files.
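One way to apply that caution in a batch pipeline, shown as an added example that is not code from radare2 or from the original post: run each untrusted file through the tool in its own child process, so that a segmentation fault is recorded against that sample instead of stopping the analysis. The `r2 -q -c i` invocation and all function names are assumptions made for illustration.

```python
import signal
import subprocess
import sys


def run_isolated(cmd, timeout=30):
    """Run one analysis command in a child process and classify how it ended."""
    try:
        proc = subprocess.run(
            cmd,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    except FileNotFoundError:
        return "missing-tool"
    rc = proc.returncode
    if rc < 0:
        # On POSIX a negative return code means the child died from signal -rc.
        try:
            return "crash:" + signal.Signals(-rc).name
        except ValueError:
            return "crash:signal-%d" % -rc
    return "ok" if rc == 0 else "exit:%d" % rc


def r2_info_cmd(path):
    # Assumed invocation: quiet mode, run the `i` (file info) command, then quit.
    # A leading "-" in a file name would be parsed as an option, so anchor it.
    safe = "./" + path if path.startswith("-") else path
    return ["r2", "-q", "-c", "i", safe]


def triage(paths, make_cmd=r2_info_cmd, timeout=30):
    """Analyse each file in its own process so one crash cannot stop the batch."""
    return {path: run_isolated(make_cmd(path), timeout) for path in paths}


if __name__ == "__main__":
    for path, verdict in triage(sys.argv[1:]).items():
        print(verdict, path, sep="\t")
```

A `crash:SIGSEGV` verdict marks a sample to set aside and re-examine after updating radare2.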

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
