Use After Free Vulnerability in Radare2 by Radareorg
CVE-2022-28073

7.5HIGH

Key Information:

Vendor: Radare
Status: Radare2
Vendor: CVE Published:; 22 August 2023

What is CVE-2022-28073?

A use after free vulnerability exists in the r_reg_set_value function in Radare2 versions 5.4.2 and 5.4.0. This type of vulnerability can lead to application crashes or the execution of arbitrary code, potentially compromising system security. The flaw arises from improper handling of memory that has already been freed, allowing attackers to manipulate the control flow and exploit the software.

References

https://github.com/radareorg/radare2/commit/59a9dfb60acf8...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Mar 28, 2022

CVE-2022-28073 Data

JSON