CVE-2022-1382 — NULL Pointer Dereference in Radare2

CWE-476 — NULL Pointer Dereference CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

5.5MEDIUMNVD

OSV7.0

EPSS

0.2%

top 51.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Radare Radare2 Linux Kernel +1 more

Timeline

PublishedApr 18

Latest updateApr 19

Description

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.6.8

▶NVDradare/radare2< 5.6.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

▶Ubuntulinux/linux_kernel< 4.4.0-253.287

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2024-04-19

▶

GHSA

GHSA-q8cr-ff8r-cv2j: NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5↗2022-04-19

▶

OSV

CVE-2022-1382: NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5↗2022-04-18

▶

📋Vendor Advisories

Debian

CVE-2022-1382: radare2 - NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. ...↗2022

▶