CVE-2023-0302 — Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in Radare2

CWE-75 — Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)CWE-74 — Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 59.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Radare Radare2 Debian Radare2

Timeline

PublishedJan 15

Description

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5radareorg/radareorg_radare2unspecified — 5.8.2

▶NVDradare/radare2< 5.8.2

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2c6-38hv-3jwx: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5↗2023-01-15

▶

OSV

CVE-2023-0302: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5↗2023-01-15

▶

📋Vendor Advisories

Debian

CVE-2023-0302: radare2 - Failure to Sanitize Special Elements into a Different Plane (Special Element Inj...↗2023

▶