Out-of-bounds Read in r_bin_java_constant_value_attr_new function in radareorg/radare2
CVE-2022-1451

7.1HIGH

Key Information:

Vendor: Radareorg
Status: Radareorg/radare2
Vendor: CVE Published:; 24 April 2022

What is CVE-2022-1451?

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see CWE-125: Out-of-bounds read.

Affected Version(s)

radareorg/radare2 < 5.7.0

References

https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2e...

x_refsource_CONFIRM

https://github.com/radareorg/radare2/commit/0927ed3ae9944...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2022
Vulnerability Reserved
Apr 24, 2022

JSON

Radareorg

What is CVE-2022-1451?

Affected Version(s)

References

CVSS V3.1

Timeline