NULL Pointer Dereference in Radare2 by Radare Organization
CVE-2022-34520

5.5 MEDIUM

Key Information:

Vendor: Radare

Status
Vendor
CVE Published: 22 July 2022

What is CVE-2022-34520?

Radare2 version 5.7.2 contains a NULL pointer dereference in the r_bin_file_xtr_load_buffer function in bin/bfile.c. An attacker can trigger it by supplying a specially crafted binary file, resulting in a potential Denial of Service condition that affects the application's availability.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
