CVE-2022-1451

Name
CVE-2022-1451
Description
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
MISC https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:* radare2 >= None < 5.7.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
radare2 3.15-community 5.5.0-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 3.16-community 5.6.8-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable