CVE-2022-1714

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1714
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1714.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1714
Downstream
Related
Published
2022-05-13T15:15:08Z
Modified
2025-09-19T13:31:05.073496Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0

4.*

4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1

5.*

5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0
5.6.2
5.6.4
5.6.6
5.6.8

Other

Continuous-Windows
continuous
radare2-windows-nightly
termux
wip

release-5.*

release-5.0.0

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2022-1714-0bbd91b3",
            "target": {
                "file": "libr/anal/p/anal_msp430.c",
                "function": "msp430_op"
            },
            "digest": {
                "function_hash": "86324720542616966538298809989952954510",
                "length": 2300.0
            },
            "deprecated": false
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CVE-2022-1714-1a81213b",
            "target": {
                "file": "libr/anal/p/anal_msp430.c"
            },
            "digest": {
                "line_hashes": [
                    "177417420579055144394241084821437040577",
                    "316444613106847349041005341136267835092",
                    "182316125175454606487457047459244555623",
                    "111343632919560298671967367164740468290",
                    "295967483295657283756275915491890524548",
                    "162898000929316584994976621288680099895",
                    "219401292126605951482239583638923644147",
                    "116414065711161518329353367765197210694",
                    "211039599017630820399324571161879430509",
                    "6427291116859862966166136463419104043",
                    "242241906878385988863078182647047410595",
                    "122413304198114382959097985749333433887",
                    "85083449105094537788512719694610272613",
                    "275827756013276095648674014237311314121",
                    "211900180249461324709323700273858330568",
                    "265699316768205438128819352305495310536",
                    "174989389388727727712459043171783902291",
                    "318637843056572209997652457242439548628"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2022-1714-1e00c1ec",
            "target": {
                "file": "libr/anal/p/anal_msp430.c",
                "function": "set_reg_profile"
            },
            "digest": {
                "function_hash": "69716726496199809416301271541006319754",
                "length": 712.0
            },
            "deprecated": false
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CVE-2022-1714-4adec5d8",
            "target": {
                "file": "libr/bin/format/elf/elf.c"
            },
            "digest": {
                "line_hashes": [
                    "254617247104868186844192770408072220950",
                    "87869596823553643502033248481197262543",
                    "47526748355868028490033943719113112847",
                    "24510545665116993267753243688094167332",
                    "298739571355266267353506506557690280951",
                    "84954755610123429458139174673203025767",
                    "53577395744582064512604227672613925624",
                    "110921778084438576425307398478203293286",
                    "271311616370604620348914897342240029434",
                    "285981489581680649568822597982897728667",
                    "226121614547176307990005782546670869442",
                    "277162572562165455444951712939739772684",
                    "153258959888864301105225015159574632649",
                    "256322387781634955181709427114388514286",
                    "90687406599343244094888287244743847044",
                    "251469199098049864606556685406598840382",
                    "269734903100459971282103569214964052804",
                    "24848229392105679954685488934872390325",
                    "296531087670129702781003156922784792173",
                    "25087836321098354922765154305020193979",
                    "151302918598491986830068005401819404310",
                    "181409338324684818843067937931838910478",
                    "330110772908732170932782961800792331446",
                    "240890317687206490838760563035536269231",
                    "236275475525474109517213818920489565822",
                    "12087751171903691860139710277192157337",
                    "31132804784473313244188196564552852928",
                    "153266041978674641322616006168320829634"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2022-1714-c6be0e2c",
            "target": {
                "file": "libr/bin/format/elf/elf.c",
                "function": "init_strtab"
            },
            "digest": {
                "function_hash": "88141985908956491779125131748884513398",
                "length": 1553.0
            },
            "deprecated": false
        },
        {
            "source": "https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e",
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2022-1714-f6b2a774",
            "target": {
                "file": "libr/bin/format/elf/elf.c",
                "function": "init_shdr"
            },
            "digest": {
                "function_hash": "185740228385775914755550912233697238716",
                "length": 2888.0
            },
            "deprecated": false
        }
    ]
}