CVE-2022-1452

NameCVE-2022-1452
DescriptionOut-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1014478

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
radare2 (PTS)jessie0.9.6-3.1+deb8u1vulnerable
trixie5.9.4+dfsg-1fixed
sid5.9.8+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
radare2sourcejessie(unfixed)end-of-life
radare2source(unstable)5.9.0+dfsg-11014478

Notes

https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168

Search for package or bug name: Reporting problems