Heap Buffer Overflow in Specific Versions of Radare2
CVE-2022-28068

7.5 HIGH

Key Information:

Vendor: Radare

Status
Vendor
CVE Published: 22 August 2023

What is CVE-2022-28068?

A heap buffer overflow exists in the r_sleb128 function in Radare2 versions 5.4.0 and 5.4.2. An attacker may be able to use this flaw to manipulate memory, possibly leading to arbitrary code execution or denial of service. Users of Radare2 are strongly encouraged to update to the latest version, where this issue has been addressed. More information can be found in the code commit linked in the references.

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
