CVE-2022-1383

Heap-based Buffer Overflow in radareorg/radare2

Published: 4/17/2022 Last updated: 8/3/2024 Reserved: 4/17/2022

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

CNA assigner: @huntrdev (c09c270a-b464-47c1-9133-acb35b22c19a) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	4.8	Medium	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Opam packages affected (2)

conf-radare2 radare2

Products affected (1)

Product	Vendor	Version
radareorg/radare2	radareorg	11.1.7, 11.2.4, 12.0.0

References (4)

https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862
https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862