CVE-2022-1649 — Vulnetix

CVE-2022-1649 PUBLISHED CVSS 7.599999904632568 HIGH

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).

EPSS 0.17% · 37.5th percentile

Risk Scores

CVSS v3.0

7.599999904632568

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS Score

0.17%

37.5th percentile

Affected Products

Vendor	Product	Versions
radare	radare2	0
radareorg	radareorg/radare2	unspecified

Timeline

May 10, 2022 EPSS Score
May 10, 2022 CVE Published
May 10, 2022 PoC Published
Jun 28, 2022 EPSS Score
Aug 17, 2022 EPSS Score
Oct 6, 2022 EPSS Score
Nov 24, 2022 EPSS Score
Jan 12, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 21, 2023 EPSS Score
Jun 9, 2023 EPSS Score

References

https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449 url
https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1 url
https://nvd.nist.gov/vuln/detail/CVE-2022-1649 advisory

Open in Interactive Console →