CVE-2022-1283 — NULL Pointer Dereference in Radare2

CWE-476 — NULL Pointer Dereference5 documents4 sources

Severity

5.5MEDIUMNVD

OSV5.0

EPSS

0.3%

top 49.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Radare Radare2 Debian Radare2

Timeline

PublishedApr 8

Latest updateJul 19

Description

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-q5qq-pfcr-g336: NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5↗2022-04-09

▶

OSV

CVE-2022-1283: NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5↗2022-04-08

▶

📋Vendor Advisories

Debian

CVE-2022-1283: radare2 - NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub reposito...↗2022

▶