CVE-2022-1437

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1437

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1437.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1437

Related

Published

2022-04-22T15:15:07Z

Modified

2024-10-12T08:52:42.262535Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

References

Affected packages

Debian:13 / radare2

Package

Name: radare2
Purl: pkg:deb/debian/radare2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.9.0+dfsg-1

Affected versions

0.*

0.6-1

0.7-1

0.7-2

0.7-3

0.8.1-1

0.8.8-1

0.8.8-2

0.9-1

0.9-2

0.9-3

0.9.4-1

0.9.4-2

0.9.6-1

0.9.6-2

0.9.6-3

0.9.6-3.1

0.10.5+dfsg-1

0.10.5+dfsg1-1

0.10.6+dfsg-1

1.*

1.0+dfsg-1

1.0.2+dfsg-1

1.1.0+dfsg-1

1.1.0+dfsg-2

1.1.0+dfsg-3

1.1.0+dfsg-4

1.1.0+dfsg-5

1.2.0+dfsg-1

1.2.1+dfsg-1

1.2.1+dfsg-2

1.2.1+dfsg-3

1.2.1+dfsg-4

1.2.1+dfsg-5

1.3.0+dfsg-1

1.3.0+dfsg-2

1.4.0+dfsg-1

1.5.0+dfsg-1

1.6.0+dfsg-1

2.*

2.0.0+dfsg-1

2.1.0+dfsg-1

2.3.0+dfsg-1

2.3.0+dfsg-2

2.4.0+dfsg-1

2.6.0+dfsg-1

2.7.0+dfsg-1

2.8.0+dfsg-1

2.9.0+dfsg-1

3.*

3.0.0+dfsg-1

3.0.1+dfsg-1

3.1.0+dfsg-1

3.1.2+dfsg-1

3.1.2+dfsg-1.1

3.2.1+dfsg-1

3.2.1+dfsg-2

3.2.1+dfsg-3

3.2.1+dfsg-4

3.2.1+dfsg-5

3.8.0+dfsg-1

3.9.0+dfsg-1

4.*

4.0.0+dfsg-1

4.2.1+dfsg-1

4.2.1+dfsg-2

4.3.1+dfsg-1

5.*

5.0.0+dfsg-1

5.5.0+dfsg-1

5.5.0+dfsg-1.1~exp1

5.5.0+dfsg-1.1

5.8.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/radare/radare2

Affected ranges

Type: GIT
Repo: https://github.com/radare/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

09569c1d5c324df7f23bdc9ad864ac1c25925745

Type: GIT
Repo: https://github.com/radareorg/radare2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

669a404b6d98d5db409a5ebadae4e94b34ef5136

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.4-termux4

0.10.5

0.10.6

0.8.6

0.8.8

0.9

0.9.2

0.9.4

0.9.6

0.9.7

0.9.8

0.9.8-rc1

0.9.8-rc2

0.9.8-rc3

0.9.8-rc4

0.9.9

1.*

1.0

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.0-git

1.3.0

1.3.0-git

1.4.0

1.5.0

1.6.0

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.4.0

2.5.0

2.6.0

2.6.9

2.7.0

2.8.0

2.9.0

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.2.0

3.2.1

3.3.0

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.7.0

3.7.1

3.8.0

3.9.0

4.*

4.0.0

4.1.0

4.1.1

4.2.0

4.2.1

4.3.0

4.3.1

4.4.0

4.5.1

5.*

5.0.0

5.1.0

5.1.1

5.2.0

5.2.1

5.3.0

5.3.1

5.4.0

5.4.0-git

5.4.2

5.5.0

5.5.2

5.5.4

5.6.0

5.6.2

5.6.4

5.6.6

5.6.8

Other

Continuous-Windows

continuous

radare2-windows-nightly

termux

wip

release-5.*

release-5.0.0