Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
{"veracode": [{"lastseen": "2023-12-06T14:47:03", "description": "radare2 is vulnerable to denial of service. The vulnerability exists due to the out-of-bounds read in the library, allowing an attacker to read sensitive information or cause an application crash \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2022-12-25T13:30:52", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1207"], "modified": "2023-01-04T02:14:00", "id": "VERACODE:38612", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38612/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "huntr": [{"lastseen": "2023-10-30T15:22:48", "description": "# Description\nOut-of-bounds (OOB) read vulnerability exists in analop function in Radare2 5.6.7\n\n# Version\n\n```bash\nradare2 5.6.7 27722 @ linux-x86-64 git.5.6.6\ncommit: e876eef2a2f758157dd6028fb01809bcedacf00f build: 2022-04-01__07:03:35\n```\n\n # Proof of Concept\n```bash\nradare2 -q -A 
poc\n```\n[poc](https://www.mediafire.com/file/f2mi0evl1uwepjl/poc/file)\n\n\n\n# ASAN\n\n```bash\n==2143069==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000a2a17 at pc 0x7fabd14c6e67 bp 0x7ffcf252a750 sp 0x7ffcf252a748\nREAD of size 1 at 0x6020000a2a17 thread T0 \n #0 0x7fabd14c6e66 in analop /root/fuzzing/radare2_fuzzing/radare2/libr/..//libr/anal/p/anal_cris.c:65\n #1 0x7fabd15ee0b7 in r_anal_op /root/fuzzing/radare2_fuzzing/radare2/libr/anal/op.c:120\n #2 0x7fabd2edd954 in anal_block_cb /root/fuzzing/radare2_fuzzing/radare2/libr/core/canal.c:3502\n #3 0x7fabd1618bab in r_anal_block_recurse_depth_first /root/fuzzing/radare2_fuzzing/radare2/libr/anal/block.c:531\n #4 0x7fabd2ede480 in r_core_recover_vars /root/fuzzing/radare2_fuzzing/radare2/libr/core/canal.c:3553\n #5 0x7fabd2cf8d40 in r_core_af /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:3894\n #6 0x7fabd2ee2f29 in r_core_anal_all /root/fuzzing/radare2_fuzzing/radare2/libr/core/canal.c:4251\n #7 0x7fabd2d33ac1 in cmd_anal_all /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:11125\n #8 0x7fabd2d3bc5b in cmd_anal /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:12330\n #9 0x7fabd2eb7d8a in r_cmd_call /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_api.c:531\n #10 0x7fabd2dece8c in r_core_cmd_subst_i /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:4478\n #11 0x7fabd2de4103 in r_core_cmd_subst /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:3364\n #12 0x7fabd2df3792 in run_cmd_depth /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:5366\n #13 0x7fabd2df4002 in r_core_cmd /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:5449\n #14 0x7fabd2df4b2c in r_core_cmd0 /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:5606\n #15 0x7fabd54f93ca in r_main_radare2 /root/fuzzing/radare2_fuzzing/radare2/libr/main/radare2.c:1397\n #16 0x5652f8dde5f8 in main /root/fuzzing/radare2_fuzzing/radare2/binr/radare2/radare2.c:96\n #17 0x7fabd52f97fc in 
__libc_start_main ../csu/libc-start.c:332\n #18 0x5652f8dde179 in _start (/root/fuzzing/radare2_fuzzing/radare2/binr/radare2/radare2+0x1179)\n\n0x6020000a2a17 is located 0 bytes to the right of 7-byte region [0x6020000a2a10,0x6020000a2a17)\nallocated by thread T0 here: \n #0 0x7fabd59fe7cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145\n #1 0x7fabd2edd2ef in anal_block_cb /root/fuzzing/radare2_fuzzing/radare2/libr/core/canal.c:3452\n #2 0x7fabd1618bab in r_anal_block_recurse_depth_first /root/fuzzing/radare2_fuzzing/radare2/libr/anal/block.c:531\n #3 0x7fabd2ede480 in r_core_recover_vars /root/fuzzing/radare2_fuzzing/radare2/libr/core/canal.c:3553\n #4 0x7fabd2cf8d40 in r_core_af /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:3894\n #5 0x7fabd2ee2f29 in r_core_anal_all /root/fuzzing/radare2_fuzzing/radare2/libr/core/canal.c:4251\n #6 0x7fabd2d33ac1 in cmd_anal_all /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:11125\n #7 0x7fabd2d3bc5b in cmd_anal /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:12330\n #8 0x7fabd2eb7d8a in r_cmd_call /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_api.c:531\n #9 0x7fabd2dece8c in r_core_cmd_subst_i /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:4478\n #10 0x7fabd2de4103 in r_core_cmd_subst /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:3364\n #11 0x7fabd2df3792 in run_cmd_depth /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:5366\n #12 0x7fabd2df4002 in r_core_cmd /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:5449\n #13 0x7fabd2df4b2c in r_core_cmd0 /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd.c:5606\n #14 0x7fabd54f93ca in r_main_radare2 /root/fuzzing/radare2_fuzzing/radare2/libr/main/radare2.c:1397\n #15 0x5652f8dde5f8 in main /root/fuzzing/radare2_fuzzing/radare2/binr/radare2/radare2.c:96\n #16 0x7fabd52f97fc in __libc_start_main ../csu/libc-start.c:332\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow 
/root/fuzzing/radare2_fuzzing/radare2/libr/..//libr/anal/p/anal_cris.c:65 in analop\nShadow bytes around the buggy address:\n 0x0c048000c4f0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa\n 0x0c048000c500: fa fa fd fa fa fa fd fa fa fa 06 fa fa fa fd fa\n 0x0c048000c510: fa fa fd fa fa fa fd fa fa fa fd fd fa fa 00 05\n 0x0c048000c520: fa fa 00 fa fa fa 00 02 fa fa fd fd fa fa 00 05\n 0x0c048000c530: fa fa 00 05 fa fa 00 05 fa fa fd fd fa fa fd fd\n=>0x0c048000c540: fa fa[07]fa fa fa 04 fa fa fa 03 fa fa fa 03 fa\n 0x0c048000c550: fa fa 03 fa fa fa 03 fa fa fa fa fa fa fa fa fa\n 0x0c048000c560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c048000c570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c048000c580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c048000c590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n==2143069==ABORTING\n```\n\n\n\n# Backtrace\n\n```bash\n#7 0x00007ffff3149e67 in analop (a=0x61a000000680, op=0x7fffffffd170, addr=65542, buf=0x6020000a2a96 \"\\001\", len=1, mask=7) at /root/fuzzing/radare2_fuzzing/radare2/libr/..//libr/anal/p/anal_cris.c:65\n#8 0x00007ffff32710b8 in r_anal_op (anal=0x61a000000680, op=0x7fffffffd170, addr=65542, data=0x6020000a2a96 \"\\001\", len=1, mask=7) at op.c:120\n#9 0x00007ffff4b60955 in anal_block_cb (bb=0x611000014e00, ctx=0x7fffffffd580) at canal.c:3502\n#10 0x00007ffff329bbac in r_anal_block_recurse_depth_first (block=0x611000014e00, cb=0x7ffff4b600da 
<anal_block_cb>, on_exit=0x7ffff4b5ff63 <anal_block_on_exit>, user=0x7fffffffd580) at block.c:531\n#11 0x00007ffff4b61481 in r_core_recover_vars (core=0x7fffef60f800, fcn=0x611000014cc0, argonly=true) at canal.c:3553\n#12 0x00007ffff497bd41 in r_core_af (core=0x7fffef60f800, addr=65536, name=0x0, anal_calls=false) at /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:3894\n#13 0x00007ffff4b65f2a in r_core_anal_all (core=0x7fffef60f800) at canal.c:4251\n#14 0x00007ffff49b6ac2 in cmd_anal_all (core=0x7fffef60f800, input=0x6020000a26d2 \"aa\") at /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:11125\n#15 0x00007ffff49bec5c in cmd_anal (data=0x7fffef60f800, input=0x6020000a26d1 \"aaa\") at /root/fuzzing/radare2_fuzzing/radare2/libr/core/cmd_anal.c:12330\n#16 0x00007ffff4b3ad8b in r_cmd_call (cmd=0x620000000080, input=0x6020000a26d0 \"aaaa\") at cmd_api.c:531\n#17 0x00007ffff4a6fe8d in r_core_cmd_subst_i (core=0x7fffef60f800, cmd=0x6020000a26d0 \"aaaa\", colon=0x0, tmpseek=0x7fffffffdea0) at cmd.c:4478\n#18 0x00007ffff4a67104 in r_core_cmd_subst (core=0x7fffef60f800, cmd=0x6020000a26d0 \"aaaa\") at cmd.c:3364\n#19 0x00007ffff4a76793 in run_cmd_depth (core=0x7fffef60f800, cmd=0x6210000ec500 \"aaaa\") at cmd.c:5366\n#20 0x00007ffff4a77003 in r_core_cmd (core=0x7fffef60f800, cstr=0x7ffff7196a80 \"aaaa\", log=false) at cmd.c:5449\n#21 0x00007ffff4a77b2d in r_core_cmd0 (core=0x7fffef60f800, cmd=0x7ffff7196a80 \"aaaa\") at cmd.c:5606\n#22 0x00007ffff717c3cb in r_main_radare2 (argc=4, argv=0x7fffffffe468) at radare2.c:1397\n#23 0x00005555555555f9 in main (argc=4, argv=0x7fffffffe468) at radare2.c:96\n#24 0x00007ffff6f7c7fd in __libc_start_main (main=0x555555555581 <main>, argc=4, argv=0x7fffffffe468, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe458) at ../csu/libc-start.c:332\n#25 0x000055555555517a in _start ()\n```\n\n# Analysis\n\nThe buffer is allocated at `/libr/core/canal.c:3452` with 
`bb->size`\n\n```c\nstatic bool anal_block_cb(RAnalBlock *bb, BlockRecurseCtx *ctx) {\n\tif (r_cons_is_breaked ()) {\n\t\treturn false;\n\t}\n\tif (bb->size < 1) {\n\t\treturn true;\n\t}\n\tif (bb->size > ctx->core->anal->opt.bb_max_size) {\n\t\treturn true;\n\t}\n\tut8 *buf = malloc (bb->size);\n\tif (!buf) {\n\t\treturn false;\n\t}\n\t(void) r_io_read_at (ctx->core->io, bb->addr, buf, bb->size);\n```\n\nThen at `/libr/core/canal.c:3502`, the `pos` value is added to the pointer `buf` before being passed to the `r_anal_op` function\n\n```c\n#else\n\t\tpos = (opaddr - bb->addr);\n\t\tif (r_anal_op (core->anal, &op, opaddr, buf + pos, bb->size - pos, mask) < 1) {\n\t\t\tbreak;\n\t\t}\n```\n\nThe `r_anal_op` function passes the arguments to the `op` function without any validation on `data`\n\n```c\nret = anal->cur->op (anal, op, addr, data, len, mask);\n```\n\nThe OOB read happens at `/libr/anal/p/anal_cris.c:65` when it tries to read `buf[1]`\n\n```c\nstatic int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAnalOpMask mask) {\n\tdefault:\n\t\tswitch (buf[1]) { // <<<<< OOB read\n\t\tcase 0x00:\n\t\t\top->type = R_ANAL_OP_TYPE_CJMP; // BCC\n\t\t\tbreak;\n```\n\n\n\n# Suggested Fix\n\nValidate `buf` size after adding `pos` at `/libr/core/canal.c:3502`\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2022-04-01T13:11:06", "type": "huntr", "title": "Out-of-bounds read ", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1207"], "modified": "2022-04-01T19:05:23", "id": "7B979E76-AE54-4132-B455-0833E45195EB", "href": "https://www.huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-12-06T14:46:30", "description": "Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2022-04-01T19:15:00", "type": "cve", "title": "CVE-2022-1207", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1207"], "modified": "2022-04-08T16:53:00", "cpe": [], "id": "CVE-2022-1207", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "ubuntucve": [{"lastseen": "2023-12-07T13:45:57", "description": "Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8.\nThis vulnerability allows attackers to read sensitive information from\noutside the allocated buffer boundary.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2022-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-1207", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1207"], "modified": "2022-04-01T00:00:00", "id": "UB:CVE-2022-1207", "href": "https://ubuntu.com/security/CVE-2022-1207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-11-20T23:18:26", "description": "Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. 
This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2022-04-01T19:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1207"], "modified": "2022-04-08T16:53:00", "id": "PRION:CVE-2022-1207", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-1207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-12-06T18:26:37", "description": "Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. 
This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2022-04-01T19:15:00", "type": "debiancve", "title": "CVE-2022-1207", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1207"], "modified": "2022-04-01T19:15:00", "id": "DEBIANCVE:CVE-2022-1207", "href": "https://security-tracker.debian.org/tracker/CVE-2022-1207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}