CVE-2022-1284 — Use After Free in Radare2

CWE-416 — Use After Free CWE-1284 — Improper Validation of Specified Quantity in Input CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption CWE-287 — Improper Authentication35 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 47.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Istio.io Istio Radare Radare2 +38 more

Timeline

PublishedApr 8

Latest updateDec 30

Description

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages41 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

▶Goistio.io/istio1.13.0 — 1.13.1+2

▶npmtooljet/tooljet< 1.27.0

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

ToolJet is vulnerable to Denial of Service (DoS)↗2022-11-22

▶

GHSA

`tf.raw_ops.Mfcc` crashes↗2022-11-21

▶

GHSA

conduit-hyper vulnerable to Denial of Service from unchecked request length↗2022-10-31

▶

GHSA

parse-server crashes when receiving file download request with invalid byte range↗2022-10-18

▶

GHSA

Missing validation causes denial of service via `LSTMBlockCell`↗2022-05-24

▶

📋Vendor Advisories

Red Hat

kernel: ext2: Add sanity checks for group and filesystem size↗2025-12-30

▶

Red Hat

kernel: erofs: fix order >= MAX_ORDER warning due to crafted negative i_size↗2025-09-15

▶

Red Hat

kernel: ext4: avoid resizing to a partial cluster size↗2025-06-18

▶

Red Hat

kernel: Linux kernel: Denial of Service in ext2 filesystem via corrupted inode counts↗2025-06-18

▶

Red Hat

kernel: cifs: Fix memory leak on the deferred close↗2025-06-18

▶