CVE-2022-1452

Published: Apr 24, 2022

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.0

7.1

HIGH

Description

Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).

Vendor	Product	Versions
radareorg	radareorg/radare2	affected `unspecified - < 5.7.0`

Weaknesses (CWE)

CWE-125

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

References

https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6

x_refsource_CONFIRM

https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-1452

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References