CVE-2022-1437

Published: Apr 22, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

Affected (1)

Products: Radare: Radare2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Radare Radare2	Before 5.7.0

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.