CVE-2022-0523

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0523
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0523.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0523
Downstream
Related
Published
2022-02-08T21:15:20Z
Modified
2025-10-26T04:12:23.552492Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2984f4d4600b1fd6835da926dc7c4cefb7f0dee5

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0

4.*

4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1

5.*

5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0

Other

Continuous-Windows
continuous
radare2-windows-nightly
termux

release-5.*

release-5.0.0

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
35482cb760db10f87a62569e2f8872dbd95e9269

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0

4.*

4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1

5.*

5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0

Other

Continuous-Windows
continuous
radare2-windows-nightly
termux

release-5.*

release-5.0.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2022-0523-4c36e853",
        "target": {
            "function": "get_tuple_object",
            "file": "libr/bin/format/pyc/marshal.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
        "digest": {
            "function_hash": "97295148045950500968326683884068910371",
            "length": 370.0
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2022-0523-ab6bd78a",
        "target": {
            "file": "libr/bin/format/pyc/marshal.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
        "digest": {
            "line_hashes": [
                "293727422535202617895383407783017198569",
                "264163961760747840571429225583263025979",
                "165937378954848157708853266626315208318",
                "75760314440260123239169564904445606158",
                "210782434608783955045527528521402825479",
                "251568024871745605684664953905122434573",
                "208328346405654080179645517128511237018",
                "287823578300372207018630521802494164914",
                "63009682538495721862176305071803667294",
                "128155552306441570014759415757932777179",
                "288100369251636808062968985660504505108",
                "8519717775634426949666621371581194840",
                "32741703773483601327397761608495655017",
                "280140985112294698552807610720543353659",
                "294445125258170486320453571111567492390",
                "225661646994153582363861967389127760384",
                "32291034303475675804933380647166110978",
                "324627410762160597750426691354495637118",
                "31585626718586877329406188339968528656",
                "70687536444777248803891944871279310458",
                "319052288496295901069302146767206075417",
                "296936639833541420501263591692984749254",
                "335577076561040491898468313983432779290",
                "8854524195734121462467736974959539283",
                "115335964830696938063083198997896737995",
                "66887560086296037576943116635466263250",
                "310167443691765431381962578909927428670",
                "22958912243189152104902136280773604338",
                "40436664802180461236910653687604877191",
                "336369137990238285336737752783758983137",
                "229125201511618890658624388566826641424",
                "49605436443210952100744935210392571990",
                "72119575329057906136985928345014829720",
                "167910847282401476820486019977879116923",
                "330564861602285046827789454511390370467",
                "282920007042471561552314790593016510591",
                "212451962409644749603772815030802434080",
                "85555974951672182440468752442728308573",
                "8854524195734121462467736974959539283",
                "115335964830696938063083198997896737995",
                "50608941391670546935942001209949643632",
                "334946973435615264496913880368371869305",
                "117521353539636152169526778545776636965",
                "11196545736857516228346445553998800069",
                "275228305583355714768916114512269698035",
                "209044808331406661783033320279832880969",
                "22958912243189152104902136280773604338",
                "114106147731106391921743995255123352943",
                "220772859742150029879297031150682495310",
                "90994947700462712811672406445841003652",
                "252371138486984669652578985077860700488",
                "11363241053108271623670843842984775806",
                "104603064018541558509344200770336253808",
                "49387745445982285040796618061456053302"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "id": "CVE-2022-0523-cfdfe7e7",
        "target": {
            "function": "get_set_object",
            "file": "libr/bin/format/pyc/marshal.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
        "digest": {
            "function_hash": "98296991241086589667022765193768710713",
            "length": 358.0
        }
    },
    {
        "signature_type": "Function",
        "id": "CVE-2022-0523-db9e160e",
        "target": {
            "function": "get_array_object_generic",
            "file": "libr/bin/format/pyc/marshal.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
        "digest": {
            "function_hash": "124109134048803506086866682300517732704",
            "length": 564.0
        }
    },
    {
        "signature_type": "Function",
        "id": "CVE-2022-0523-e30dadcc",
        "target": {
            "function": "get_list_object",
            "file": "libr/bin/format/pyc/marshal.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269",
        "digest": {
            "function_hash": "33148917372708974727669236739538333232",
            "length": 368.0
        }
    }
]