CVE-2022-1207 — Out-of-bounds Read in Radare2

CWE-125 — Out-of-bounds Read CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

6.6MEDIUMNVD

EPSS

0.1%

top 71.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Radare Radare2 Debian Radare2

Timeline

PublishedApr 1

Latest updateFeb 26

Description

Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:LExploitability: 1.8 | Impact: 4.7

Affected Packages3 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-66gq-3g6r-6hjw: Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5↗2022-04-02

▶

OSV

CVE-2022-1207: Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5↗2022-04-01

▶

📋Vendor Advisories

Red Hat

kernel: XArray: Fix xas_create_range() when multi-order entry present↗2025-02-26

▶

Debian

CVE-2022-1207: radare2 - Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This v...↗2022

▶