CVE-2022-1240 — Heap-based Buffer Overflow in Radare2

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-1240 — Use of a Cryptographic Primitive with a Risky Implementation6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 52.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Debian Radare2 Radare Radare2

Timeline

PublishedApr 6

Latest updateJun 14

Description

Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.8.6

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

▶NVDradare/radare25.6.6

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-m6g3-mrp2-c625: Heap buffer overflow in libr/bin/format/mach0/mach0↗2022-04-07

▶

OSV

CVE-2022-1240: Heap buffer overflow in libr/bin/format/mach0/mach0↗2022-04-06

▶

📋Vendor Advisories

Red Hat

hw: cpu: cryptographic leaks via frequency scaling attacks(Intel)↗2022-06-14

▶

Red Hat

hw: cpu: cryptographic leaks via frequency scaling attacks(AMD)↗2022-06-14

▶

Debian

CVE-2022-1240: radare2 - Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radar...↗2022

▶