CVE-2022-0523

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0523

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0523.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-0523

Downstream

UBUNTU-CVE-2022-0523

openSUSE-SU-2024:12173-1

Related

Published

2022-02-08T21:15:20Z

Modified

2025-09-19T13:31:54.141863Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type: GIT
Repo: https://github.com/radare/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2984f4d4600b1fd6835da926dc7c4cefb7f0dee5

Type: GIT
Repo: https://github.com/radareorg/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

35482cb760db10f87a62569e2f8872dbd95e9269

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.4-termux4

0.10.5

0.10.6

0.8.6

0.8.8

0.9

0.9.2

0.9.4

0.9.6

0.9.7

0.9.8

0.9.8-rc1

0.9.8-rc2

0.9.8-rc3

0.9.8-rc4

0.9.9

1.*

1.0

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.0-git

1.3.0

1.3.0-git

1.4.0

1.5.0

1.6.0

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.4.0

2.5.0

2.6.0

2.6.9

2.7.0

2.8.0

2.9.0

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.2.0

3.2.1

3.3.0

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.7.0

3.7.1

3.8.0

3.9.0

4.*

4.0.0

4.1.0

4.1.1

4.2.0

4.2.1

4.3.0

4.3.1

4.4.0

4.5.1

5.*

5.0.0

5.1.0

5.1.1

5.2.0

5.2.1

5.3.0

5.3.1

5.4.0

5.4.0-git

5.4.2

5.5.0

5.5.2

5.5.4

5.6.0

Other

Continuous-Windows

continuous

radare2-windows-nightly

termux

release-5.*

release-5.0.0

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
            "digest": {
                "length": 370.0,
                "function_hash": "97295148045950500968326683884068910371"
            },
            "target": {
                "file": "libr/bin/format/pyc/marshal.c",
                "function": "get_tuple_object"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false,
            "id": "CVE-2022-0523-4c36e853"
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
            "digest": {
                "line_hashes": [
                    "293727422535202617895383407783017198569",
                    "264163961760747840571429225583263025979",
                    "165937378954848157708853266626315208318",
                    "75760314440260123239169564904445606158",
                    "210782434608783955045527528521402825479",
                    "251568024871745605684664953905122434573",
                    "208328346405654080179645517128511237018",
                    "287823578300372207018630521802494164914",
                    "63009682538495721862176305071803667294",
                    "128155552306441570014759415757932777179",
                    "288100369251636808062968985660504505108",
                    "8519717775634426949666621371581194840",
                    "32741703773483601327397761608495655017",
                    "280140985112294698552807610720543353659",
                    "294445125258170486320453571111567492390",
                    "225661646994153582363861967389127760384",
                    "32291034303475675804933380647166110978",
                    "324627410762160597750426691354495637118",
                    "31585626718586877329406188339968528656",
                    "70687536444777248803891944871279310458",
                    "319052288496295901069302146767206075417",
                    "296936639833541420501263591692984749254",
                    "335577076561040491898468313983432779290",
                    "8854524195734121462467736974959539283",
                    "115335964830696938063083198997896737995",
                    "66887560086296037576943116635466263250",
                    "310167443691765431381962578909927428670",
                    "22958912243189152104902136280773604338",
                    "40436664802180461236910653687604877191",
                    "336369137990238285336737752783758983137",
                    "229125201511618890658624388566826641424",
                    "49605436443210952100744935210392571990",
                    "72119575329057906136985928345014829720",
                    "167910847282401476820486019977879116923",
                    "330564861602285046827789454511390370467",
                    "282920007042471561552314790593016510591",
                    "212451962409644749603772815030802434080",
                    "85555974951672182440468752442728308573",
                    "8854524195734121462467736974959539283",
                    "115335964830696938063083198997896737995",
                    "50608941391670546935942001209949643632",
                    "334946973435615264496913880368371869305",
                    "117521353539636152169526778545776636965",
                    "11196545736857516228346445553998800069",
                    "275228305583355714768916114512269698035",
                    "209044808331406661783033320279832880969",
                    "22958912243189152104902136280773604338",
                    "114106147731106391921743995255123352943",
                    "220772859742150029879297031150682495310",
                    "90994947700462712811672406445841003652",
                    "252371138486984669652578985077860700488",
                    "11363241053108271623670843842984775806",
                    "104603064018541558509344200770336253808",
                    "49387745445982285040796618061456053302"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "libr/bin/format/pyc/marshal.c"
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false,
            "id": "CVE-2022-0523-ab6bd78a"
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
            "digest": {
                "length": 358.0,
                "function_hash": "98296991241086589667022765193768710713"
            },
            "target": {
                "file": "libr/bin/format/pyc/marshal.c",
                "function": "get_set_object"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false,
            "id": "CVE-2022-0523-cfdfe7e7"
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
            "digest": {
                "length": 564.0,
                "function_hash": "124109134048803506086866682300517732704"
            },
            "target": {
                "file": "libr/bin/format/pyc/marshal.c",
                "function": "get_array_object_generic"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false,
            "id": "CVE-2022-0523-db9e160e"
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
            "digest": {
                "length": 368.0,
                "function_hash": "33148917372708974727669236739538333232"
            },
            "target": {
                "file": "libr/bin/format/pyc/marshal.c",
                "function": "get_list_object"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false,
            "id": "CVE-2022-0523-e30dadcc"
        }
    ]
}