CVE-2022-1296 — Vulnetix

CVE-2022-1296 PUBLISHED CVSS 6.599999904632568 MEDIUM

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

EPSS 0.28% · 51.9th percentile

Risk Scores

CVSS v3.0

6.599999904632568

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS Score

0.28%

51.9th percentile

Affected Products

Vendor	Product	Versions
radare	radare2	0
radareorg	radareorg/radare2	unspecified

Timeline

Apr 11, 2022 CVE Published
Apr 11, 2022 PoC Published
Apr 12, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 22, 2022 EPSS Score
Sep 11, 2022 EPSS Score
Oct 31, 2022 EPSS Score
Dec 20, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 30, 2023 EPSS Score
May 20, 2023 EPSS Score

References

https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0 url
https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6 url
https://nvd.nist.gov/vuln/detail/CVE-2022-1296 advisory

Open in Interactive Console →