CVE-2022-1649 — NULL Pointer Dereference in Radare2

CWE-476 — NULL Pointer Dereference CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 51.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Radare Radare2 Debian Radare2

Timeline

PublishedMay 10

Latest updateNov 22

Description

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.7.0

▶NVDradare/radare2< 5.7.0

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gvc2-c45p-m2r9: Null pointer dereference in libr/bin/format/mach0/mach0↗2022-05-11

▶

OSV

CVE-2022-1649: Null pointer dereference in libr/bin/format/mach0/mach0↗2022-05-10

▶

📋Vendor Advisories

Debian

CVE-2022-1649: radare2 - Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 i...↗2022

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities↗2022-11-22

▶

Talos

Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities↗2022-11-22

▶