CVE-2022-1451
HIGHradare2 < 5.7.0 - Out-of-bounds Read in r_bin_java_constant_value_attr_new
Title source: llmDescription
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
Patch, Third Party Advisory x_refsource_misc
https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
Scores
CVSS v3
7.1
EPSS
0.0075
EPSS Percentile
50.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
CWE-788
Status
published
Products (1)
radare/radare2
< 5.7.0
Published
Apr 24, 2022
Tracked Since
Feb 18, 2026