Heap Buffer Overflow in Radare2 Versions 5.4.0 and Earlier
CVE-2022-28072

7.5HIGH

Key Information:

Vendor: Radare
Status: Radare2
Vendor: CVE Published:; 22 August 2023

What is CVE-2022-28072?

The vulnerability is characterized by a heap buffer overflow in the r_read_le32 function, which may allow attackers to corrupt memory, leading to potential arbitrary code execution or application crashes. This affects Radare2 versions 5.4.0 and earlier, where improper handling of buffer sizes can be exploited, jeopardizing the integrity of the applications relying on this software. Users are strongly advised to update to patched versions to mitigate these risks.

References

https://github.com/radareorg/radare2/commit/027cd9b727498...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Mar 28, 2022

CVE-2022-28072 Data

JSON