CVE-2022-1451

2022-04-2400:00:00

ubuntu.com

cve-2022-1451

github repository

out-of-bounds read

r_bin_java_constant_value_attr_new function

cwe-125

sensitive information

memory locations

crash

unix

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

43.5%

JSON

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub
repository radareorg/radare2 prior to 5.7.0. The bug causes the program
reads data past the end 2f the intented buffer. Typically, this can allow
attackers to read sensitive information from other memory locations or
cause a crash. More details see CWE-125: Out-of-bounds
read.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchradare2< anyUNKNOWN
ubuntu20.04noarchradare2< anyUNKNOWN
ubuntu24.04noarchradare2< anyUNKNOWN
ubuntu16.04noarchradare2< anyUNKNOWN