CVE-2022-1207
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-1207
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1207.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-1207
- Downstream
- Related
- Published
- 2022-04-01T19:15:07Z
- Modified
- 2025-10-24T04:33:26.068960Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
- References
Affected packages
Git / github.com/radare/radare2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/radare/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0
4.*
4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1
5.*
5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0
5.6.2
5.6.4
5.6.6
Other
Continuous-Windows
continuous
radare2-windows-nightly
termux
release-5.*
release-5.0.0
Git / github.com/radare/radare2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/radareorg/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0
4.*
4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1
5.*
5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0
5.6.2
5.6.4
5.6.6
Other
Continuous-Windows
continuous
radare2-windows-nightly
termux
release-5.*
release-5.0.0
Database specific
vanir_signatures
[
{
"source": "https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1",
"id": "CVE-2022-1207-05ffd007",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "set_reg_profile",
"file": "libr/anal/p/anal_cris.c"
},
"digest": {
"function_hash": "277295620306164828930023546320268928138",
"length": 628.0
}
},
{
"source": "https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1",
"id": "CVE-2022-1207-7b41080a",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libr/anal/p/anal_cris.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"190192512132637055350299318901585789839",
"250300565185148120707320668039564136968",
"190330392181163640291737804494317739174",
"207130632129305823522918978274931817695",
"41113995969819342253784336296906120121",
"325411645132126259192723466222719368584",
"46261025945451579018169241148570364907",
"148036384775063951233554411948472362771",
"78548268191722656858839338965825537963",
"243052376339074451838785187119697618171",
"147508746407650566228803676514174340482",
"55897616101428406116874925352806804231",
"72637479541186468665508766070483624219",
"80030022846734303284197580268490258335",
"303609172072754152085877300862111413080",
"150535019655756578411173088940822680977",
"223946840268991390998035533338500079785",
"111973189146273097155170576867882212987",
"167757391256122146170090265271390371111",
"259857987794466622829625963564327758218",
"19162951266223998327807982407256900171",
"38222671684873447702211062909990761753",
"117880743765591602302856226769401892697",
"161182019022907779644847463113278552889",
"339877141638137870196361257506237381823",
"159202311479702144177224427623830593168",
"128240151835169054138260455269600601061",
"2554853706126777355487104910977450788",
"156947812675833567190270293432726935238",
"249282335473814554627906300753641363105",
"202462387408920765190014958728442999409",
"334027287118738347949135648816346655977",
"117744058062399611495222347691355834461",
"103196578867692114280079006495709436325",
"240949981239470662318103698497463012104",
"210933192623490234152020017092203260314",
"129919297218449212595971210237068438068"
]
}
},
{
"source": "https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1",
"id": "CVE-2022-1207-bf590cb6",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "analop",
"file": "libr/anal/p/anal_cris.c"
},
"digest": {
"function_hash": "125174365622696506699671119889092668861",
"length": 3852.0
}
}
]