CVE-2022-1296 — Out-of-bounds Read in Radare2

CWE-125 — Out-of-bounds Read CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

9.1CRITICALNVD

EPSS

0.3%

top 48.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Linux Kernel Radare Radare2 +1 more

Timeline

PublishedApr 11

Latest updateDec 24

Description

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

▶Linuxlinux/linux_kernel2.6.16 — 5.4.229+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

configfs: fix possible memory leak in configfs_create_dir()↗2025-12-24

▶

GHSA

GHSA-j6rf-4h73-953x: Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5↗2022-04-12

▶

OSV

CVE-2022-1296: Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5↗2022-04-11

▶

📋Vendor Advisories

Debian

CVE-2022-1296: radare2 - Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radare...↗2022

▶