CVE-2022-0521

HIGH

radare2 <5.6.2 - Use After Free

Title source: llm

Description

Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.

References (4)

[Patch, Third Party Advisory] https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5

View Patch ZIP pw:eip

[Exploit, Patch, Third Party Advisory] https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D/

Scores

CVSS v3 7.1

EPSS 0.0036

EPSS Percentile 57.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE

CWE-119 CWE-788

Status published

Products (3)

fedoraproject/fedora 35

fedoraproject/fedora 36

radare/radare2 < 5.6.2

Published Feb 08, 2022

Tracked Since Feb 18, 2026