CVE-2022-1714

Source
https://cve.org/CVERecord?id=CVE-2022-1714
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1714.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1714
Downstream
Related
Published
2022-05-13T00:00:00Z
Modified
2026-07-09T06:49:29.492108Z
Severity
  • 7.9 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L CVSS Calculator
Summary
Out-of-bounds Read in radareorg/radare2
Details

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1714.json",
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-125"
    ]
}
References

Affected packages

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.7.0"
        }
    ],
    "cpe": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0
4.*
4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1
5.*
5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0
5.6.2
5.6.4
5.6.6
5.6.8
Other
Continuous-Windows
continuous
radare2-windows-nightly
termux
wip
release-5.*
release-5.0.0

Database specific

vanir_signatures
[
    {
        "id": "CVE-2022-1714-0bbd91b3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "86324720542616966538298809989952954510",
            "length": 2300.0
        },
        "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
        "target": {
            "file": "libr/anal/p/anal_msp430.c",
            "function": "msp430_op"
        }
    },
    {
        "id": "CVE-2022-1714-1a81213b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "177417420579055144394241084821437040577",
                "316444613106847349041005341136267835092",
                "182316125175454606487457047459244555623",
                "111343632919560298671967367164740468290",
                "295967483295657283756275915491890524548",
                "162898000929316584994976621288680099895",
                "219401292126605951482239583638923644147",
                "116414065711161518329353367765197210694",
                "211039599017630820399324571161879430509",
                "6427291116859862966166136463419104043",
                "242241906878385988863078182647047410595",
                "122413304198114382959097985749333433887",
                "85083449105094537788512719694610272613",
                "275827756013276095648674014237311314121",
                "211900180249461324709323700273858330568",
                "265699316768205438128819352305495310536",
                "174989389388727727712459043171783902291",
                "318637843056572209997652457242439548628"
            ]
        },
        "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
        "target": {
            "file": "libr/anal/p/anal_msp430.c"
        }
    },
    {
        "id": "CVE-2022-1714-1e00c1ec",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "69716726496199809416301271541006319754",
            "length": 712.0
        },
        "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
        "target": {
            "file": "libr/anal/p/anal_msp430.c",
            "function": "set_reg_profile"
        }
    },
    {
        "id": "CVE-2022-1714-4adec5d8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254617247104868186844192770408072220950",
                "87869596823553643502033248481197262543",
                "47526748355868028490033943719113112847",
                "24510545665116993267753243688094167332",
                "298739571355266267353506506557690280951",
                "84954755610123429458139174673203025767",
                "53577395744582064512604227672613925624",
                "110921778084438576425307398478203293286",
                "271311616370604620348914897342240029434",
                "285981489581680649568822597982897728667",
                "226121614547176307990005782546670869442",
                "277162572562165455444951712939739772684",
                "153258959888864301105225015159574632649",
                "256322387781634955181709427114388514286",
                "90687406599343244094888287244743847044",
                "251469199098049864606556685406598840382",
                "269734903100459971282103569214964052804",
                "24848229392105679954685488934872390325",
                "296531087670129702781003156922784792173",
                "25087836321098354922765154305020193979",
                "151302918598491986830068005401819404310",
                "181409338324684818843067937931838910478",
                "330110772908732170932782961800792331446",
                "240890317687206490838760563035536269231",
                "236275475525474109517213818920489565822",
                "12087751171903691860139710277192157337",
                "31132804784473313244188196564552852928",
                "153266041978674641322616006168320829634"
            ]
        },
        "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
        "target": {
            "file": "libr/bin/format/elf/elf.c"
        }
    },
    {
        "id": "CVE-2022-1714-c6be0e2c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "88141985908956491779125131748884513398",
            "length": 1553.0
        },
        "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
        "target": {
            "file": "libr/bin/format/elf/elf.c",
            "function": "init_strtab"
        }
    },
    {
        "id": "CVE-2022-1714-f6b2a774",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "185740228385775914755550912233697238716",
            "length": 2888.0
        },
        "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
        "target": {
            "file": "libr/bin/format/elf/elf.c",
            "function": "init_shdr"
        }
    }
]
vanir_signatures_modified
"2026-07-09T06:49:29Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1714.json"