CVE-2022-1237 — Improper Validation of Array Index in Radare2

CWE-129 — Improper Validation of Array Index4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 50.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Radare Radare2 Debian Radare2

Timeline

PublishedApr 6

Latest updateApr 7

Description

Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-4mjq-hx99-8pp5: Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5↗2022-04-07

▶

OSV

CVE-2022-1237: Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5↗2022-04-06

▶

📋Vendor Advisories

Debian

CVE-2022-1237: radare2 - Improper Validation of Array Index in GitHub repository radareorg/radare2 prior ...↗2022

▶