Description
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
Patch, Third Party Advisory x_refsource_misc
https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136
Scores
CVSS v3: 7.1
EPSS: 0.0025
EPSS Percentile: 48.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE: CWE-122, CWE-787
Status: published
Products (1): radare/radare2 < 5.7.0
Published: Apr 22, 2022
Tracked Since: Feb 18, 2026