2447696 – (CVE-2026-4174) CVE-2026-4174 Radare2: Radare2: Local resource consumption via Mach-O File Parser

Bug 2447696 (CVE-2026-4174) - CVE-2026-4174 Radare2: Radare2: Local resource consumption via Mach-O File Parser

Summary: CVE-2026-4174 Radare2: Radare2: Local resource consumption via Mach-O File Pa...

Keywords:
Status:	NEW
Alias:	CVE-2026-4174
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2447930 2447931
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-15 11:01 UTC by OSIDB Bzimport
Modified:	2026-03-16 13:40 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-15 11:01:41 UTC

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. Upgrading to version 6.1.2 is capable of addressing this issue. The name of the patch is 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the affected component. The code maintainer states that, "[he] wont consider this bug a DoS".

Note You need to log in before you can comment on or make changes to this bug.