Lucene search

@huntrdevCVELIST:CVE-2022-0522

HistoryFeb 08, 2022 - 8:55 p.m.

CVE-2022-0522 Access of Memory Location Before Start of Buffer in radareorg/radare2

2022-02-0820:55:10

CWE-786

@huntrdev

www.cve.org

memory access bufferoverflow npm radareorg/radare2 nodepackagemanager cve-2022-0522

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON

Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.

CNA Affected

[
  {
    "product": "radareorg/radare2",
    "vendor": "radareorg",
    "versions": [
      {
        "lessThan": "5.6.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d6

huntr.dev/bounties/2d45e589-d614-4875-bba1-be0f729e7ca9

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/