CVE-2022-1296

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1296

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1296.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1296

Downstream

UBUNTU-CVE-2022-1296

openSUSE-SU-2024:12173-1

Related

openSUSE-SU-2024:12173-1

Published

2022-04-11T12:15:16Z

Modified

2025-10-20T04:15:08.637465Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

Out-of-bounds read in r_bin_ne_get_relocs function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type: GIT
Repo: https://github.com/radare/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d94100d386e8bc349b500af309e1880447a1e9da

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.4-termux4

0.10.5

0.10.6

0.8.6

0.8.8

0.9

0.9.2

0.9.4

0.9.6

0.9.7

0.9.8

0.9.8-rc1

0.9.8-rc2

0.9.8-rc3

0.9.8-rc4

0.9.9

1.*

1.0

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.0-git

1.3.0

1.3.0-git

1.4.0

1.5.0

1.6.0

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.4.0

2.5.0

2.6.0

2.6.9

2.7.0

2.8.0

2.9.0

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.2.0

3.2.1

3.3.0

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.7.0

3.7.1

3.8.0

3.9.0

4.*

4.0.0

4.1.0

4.1.1

4.2.0

4.2.1

4.3.0

4.3.1

4.4.0

4.5.1

5.*

5.0.0

5.1.0

5.1.1

5.2.0

5.2.1

5.3.0

5.3.1

5.4.0

5.4.0-git

5.4.2

5.5.0

5.5.2

5.5.4

5.6.0

5.6.2

5.6.4

5.6.6

Other

Continuous-Windows

continuous

radare2-windows-nightly

termux

release-5.*

release-5.0.0

Git / github.com/radareorg/radare2

Affected ranges

Type: GIT
Repo: https://github.com/radareorg/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

153bcdc29f11cd8c90e7d639a7405450f644ddb6

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.4-termux4

0.10.5

0.10.6

0.8.6

0.8.8

0.9

0.9.2

0.9.4

0.9.6

0.9.7

0.9.8

0.9.8-rc1

0.9.8-rc2

0.9.8-rc3

0.9.8-rc4

0.9.9

1.*

1.0

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.0-git

1.3.0

1.3.0-git

1.4.0

1.5.0

1.6.0

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.4.0

2.5.0

2.6.0

2.6.9

2.7.0

2.8.0

2.9.0

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.2.0

3.2.1

3.3.0

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.7.0

3.7.1

3.8.0

3.9.0

4.*

4.0.0

4.1.0

4.1.1

4.2.0

4.2.1

4.3.0

4.3.1

4.4.0

4.5.1

5.*

5.0.0

5.1.0

5.1.1

5.2.0

5.2.1

5.3.0

5.3.1

5.4.0

5.4.0-git

5.4.2

5.5.0

5.5.2

5.5.4

5.6.0

5.6.2

5.6.4

5.6.6

Other

Continuous-Windows

continuous

radare2-windows-nightly

termux

release-5.*

release-5.0.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6",
        "digest": {
            "function_hash": "45353077030119771147848019648326127766",
            "length": 3556.0
        },
        "target": {
            "file": "libr/bin/format/ne/ne.c",
            "function": "r_bin_ne_get_relocs"
        },
        "signature_version": "v1",
        "id": "CVE-2022-1296-155c7d74",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6",
        "digest": {
            "line_hashes": [
                "313238745765593098916398371711611719026",
                "306648862899497851804576248154066084456",
                "224886860593965870518900364860224731092",
                "206353123846202101087054173219497742429",
                "33837079059490126368184597830562815461",
                "219685919090454224612760770092710323833",
                "18616212581941976893637823208684065744",
                "147373872195554700772786509833709192973",
                "15049122665883801613507258417387426409",
                "4222435847847437044790547882485538168",
                "96892658222730442769168367965590849103",
                "201174699255039164957541516658959022695",
                "186758346903796486806344498577008208727",
                "14627559400167382318230096722818527534",
                "158952365053033429299240922740344980766",
                "77798025342715016000801823701862325383",
                "248347293050302858997366077988840695623",
                "49188126368376326805008878061390345111",
                "14665326296755929627872560705706699624",
                "50407436246073629043922189036637297222",
                "1524330767428124145659717984431613254",
                "267851659324124286956992050207399688444",
                "127697133890691776271841099389800680542",
                "159805372102998391665718571285202793650",
                "213141963446448432678786400799141927693",
                "291515990195204007982964134198196681483",
                "213442907298489013778599891597321996085"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libr/bin/format/ne/ne.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-1296-1d2a07ad",
        "signature_type": "Line",
        "deprecated": false
    }
]