CVE-2022-1451

HIGH

Radare2 < 5.7.0 - Out-of-Bounds Access

Title source: rule

Description

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).

References (2)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7

[Patch, Third Party Advisory] https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529

Scores

CVSS v3 7.1

EPSS 0.0028

EPSS Percentile 51.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE

CWE-125 CWE-788

Status published

Products (1)

radare/radare2 < 5.7.0

Published Apr 24, 2022

Tracked Since Feb 18, 2026