{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"low"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-5641","title":"Title"},{"category":"description","text":"A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". An additional warning regarding threading support has been added.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-5641","url":"https://www.suse.com/security/cve/CVE-2025-5641"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1244121 for CVE-2025-5641","url":"https://bugzilla.suse.com/1244121"}],"title":"SUSE CVE CVE-2025-5641","tracking":{"current_release_date":"2025-12-19T00:49:44Z","generator":{"date":"2025-06-06T02:25:10Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-5641","initial_release_date":"2025-06-06T02:25:10Z","revision_history":[{"date":"2025-06-06T02:25:10Z","number":"2","summary":"Current version"},{"date":"2025-07-04T14:42:11Z","number":"3","summary":"Current version"},{"date":"2025-07-07T23:35:55Z","number":"4","summary":"Current version"},{"date":"2025-12-17T00:50:13Z","number":"5","summary":"description changed"},{"date":"2025-12-19T00:49:44Z","number":"6","summary":"description changed"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"radare2-5.9.8-3.1","product":{"name":"radare2-5.9.8-3.1","product_id":"radare2-5.9.8-3.1","product_identification_helper":{"cpe":"cpe:2.3:a:radare:radare2:5.9.8:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/radare2@5.9.8-3.1"}}},{"category":"product_version","name":"radare2-devel-5.9.8-3.1","product":{"name":"radare2-devel-5.9.8-3.1","product_id":"radare2-devel-5.9.8-3.1","product_identification_helper":{"purl":"pkg:rpm/suse/radare2-devel@5.9.8-3.1"}}},{"category":"product_version","name":"radare2-zsh-completion-5.9.8-3.1","product":{"name":"radare2-zsh-completion-5.9.8-3.1","product_id":"radare2-zsh-completion-5.9.8-3.1","product_identification_helper":{"purl":"pkg:rpm/suse/radare2-zsh-completion@5.9.8-3.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"radare2-5.9.8-3.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:radare2-5.9.8-3.1"},"product_reference":"radare2-5.9.8-3.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"radare2-devel-5.9.8-3.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:radare2-devel-5.9.8-3.1"},"product_reference":"radare2-devel-5.9.8-3.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"radare2-zsh-completion-5.9.8-3.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:radare2-zsh-completion-5.9.8-3.1"},"product_reference":"radare2-zsh-completion-5.9.8-3.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2025-5641","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-5641"}],"notes":[{"category":"general","text":"A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and \"crashy\". Further analysis has shown \"the race is not a real problem unless you use asan\". An additional warning regarding threading support has been added.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:radare2-5.9.8-3.1","openSUSE Tumbleweed:radare2-devel-5.9.8-3.1","openSUSE Tumbleweed:radare2-zsh-completion-5.9.8-3.1"]},"references":[{"category":"external","summary":"CVE-2025-5641","url":"https://www.suse.com/security/cve/CVE-2025-5641"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1244121 for CVE-2025-5641","url":"https://bugzilla.suse.com/1244121"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:radare2-5.9.8-3.1","openSUSE Tumbleweed:radare2-devel-5.9.8-3.1","openSUSE Tumbleweed:radare2-zsh-completion-5.9.8-3.1"]}],"scores":[{"cvss_v3":{"baseScore":2.5,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"products":["openSUSE Tumbleweed:radare2-5.9.8-3.1","openSUSE Tumbleweed:radare2-devel-5.9.8-3.1","openSUSE Tumbleweed:radare2-zsh-completion-5.9.8-3.1"]}],"threats":[{"category":"impact","date":"2025-06-05T08:00:18Z","details":"low"}],"title":"CVE-2025-5641"}]}