CVE-2022-1451 Out-of-bounds Read in r_bin_java_constant_value_attr_new function in radareorg/radare2

2022-04-2420:50:16

CWE-788

@huntrdev

www.cve.org

cve-2022-1451

out-of-bounds read

r_bin_java_constant_value_attr_new

github repository

radareorg/radare2

version 5.7.0

cwe-125

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

43.5%

JSON

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see CWE-125: Out-of-bounds read.

CNA Affected

[
  {
    "product": "radareorg/radare2",
    "vendor": "radareorg",
    "versions": [
      {
        "lessThan": "5.7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]