CVE-2022-1238 — Out-of-bounds Write in Radare2

CWE-787 — Out-of-bounds Write CWE-805 — Buffer Access with Incorrect Length Value7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 49.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Linux Kernel Radare Radare2 +1 more

Timeline

PublishedApr 6

Latest updateDec 24

Description

Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

▶Linuxlinux/linux_kernel5.10.0 — 5.10.163+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()↗2025-12-24

▶

GHSA

GHSA-qm57-rv98-r7ch: Heap-based Buffer Overflow in libr/bin/format/ne/ne↗2022-04-07

▶

OSV

CVE-2022-1238: Out-of-bounds Write in libr/bin/format/ne/ne↗2022-04-06

▶

📋Vendor Advisories

Red Hat

kernel: media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()↗2025-12-24

▶

Debian

CVE-2022-1238: radare2 - Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/ra...↗2022

▶