CVE-2022-4398Integer Overflow or Wraparound in Radare2

CWE-190Integer Overflow or WraparoundCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 44.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Radareorg Radare2Radare Radare2Debian Radare2
Timeline
PublishedDec 10

Description

Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5radareorg/radareorg_radare2unspecified5.8.0
NVDradare/radare2< 5.8.0
debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
CVE-2022-4398: Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 52022-12-10
GHSA
GHSA-vvhh-g843-7vrh: Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 52022-12-10

📋Vendor Advisories

2
CISA
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability2022-03-28
Debian
CVE-2022-4398: radare2 - Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5...2022