CVE-2022-1437 — Vulnetix

CVE-2022-1437 PUBLISHED CVSS 5.300000190734863 MEDIUM

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

EPSS 0.25% · 48.6th percentile

Risk Scores

CVSS v3.0

5.300000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.25%

48.6th percentile

Affected Products

Vendor	Product	Versions
radareorg	radareorg/radare2	unspecified
radare	radare2	0

Timeline

Apr 22, 2022 CVE Published
Apr 22, 2022 PoC Published
Apr 23, 2022 EPSS Score
Jun 12, 2022 EPSS Score
Aug 2, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 9, 2022 EPSS Score
Dec 29, 2022 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 8, 2023 EPSS Score
May 28, 2023 EPSS Score

References

https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038 url
https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136 url
https://nvd.nist.gov/vuln/detail/CVE-2022-1437 advisory

Open in Interactive Console →