Radare Radare2 vulnerabilities

CVE-2022-1283 [MEDIUM] CWE-476 CVE-2022-1283: NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

CVE-2022-1284 [MEDIUM] CWE-416 CVE-2022-1284: heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is cap heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

CVE-2022-1238 [HIGH] CWE-787 CVE-2022-1238: Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8 Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVE-2022-1240 [HIGH] CWE-122 CVE-2022-1240: Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior t Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.

CVE-2022-1237 [HIGH] CWE-129 CVE-2022-1237: Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulne Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVE-2022-1244 [MEDIUM] CWE-122 CVE-2022-1244: heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is ca heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

CVE-2022-1207 [MEDIUM] CWE-125 CVE-2022-1207: Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.

CVE-2022-1061 [HIGH] CWE-122 CVE-2022-1061: Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.

CVE-2022-1052 [MEDIUM] CWE-122 CVE-2022-1052: Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6 Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.

CVE-2022-1031 [HIGH] CWE-416 CVE-2022-1031: Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.

CVE-2022-0849 [MEDIUM] CWE-416 CVE-2022-0849: Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.

CVE-2021-4021 [HIGH] CWE-400 CVE-2021-4021: A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a h A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.

CVE-2022-0695 [MEDIUM] CWE-400 CVE-2022-0695: Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0476 [MEDIUM] CWE-400 CVE-2022-0476: Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0713 [HIGH] CWE-122 CVE-2022-0713: Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0676 [HIGH] CWE-122 CVE-2022-0676: Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0712 [MEDIUM] CWE-476 CVE-2022-0712: NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0559 [CRITICAL] CWE-416 CVE-2022-0559: Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-0139 [CRITICAL] CWE-416 CVE-2022-0139: Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.

CVE-2022-0518 [HIGH] CWE-122 CVE-2022-0518: Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.