Null Pointer Dereference in Radare2 by RadareOrg
CVE-2022-28070

7.5HIGH

Key Information:

Vendor: Radare
Status: Radare2
Vendor: CVE Published:; 22 August 2023

What is CVE-2022-28070?

A vulnerability exists due to a null pointer dereference in the __core_anal_fcn function within Radare2 versions 5.4.0 and 5.4.2. This flaw can cause unexpected behavior and may lead to application crashes, which could potentially be exploited by attackers to disrupt service or compromise system integrity. It is crucial for users of the affected versions to apply updates to mitigate potential risks.

References

https://github.com/radareorg/radare2/commit/4aff1bb00224d...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Mar 28, 2022

CVE-2022-28070 Data

JSON