Description
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
References (2)
Core References
Patch, Third Party Advisory
https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
Exploit, Patch, Third Party Advisory
https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
Scores
CVSS v3
7.1
EPSS
0.0013
EPSS Percentile
32.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (1)
radare/radare2
< 5.7.0
Published
May 13, 2022
Tracked Since
Feb 18, 2026