Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-1437
HistoryApr 22, 2022 - 3:15 p.m.

CVE-2022-1437

2022-04-2215:15:07
Debian Security Bug Tracker
security-tracker.debian.org
30
cve-2022-1437
github
repository
radare2
buffer overflow
sensitive information
memory locations
unix

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

31.5%

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

OSVersionArchitecturePackageVersionFilename
Debian999allradare2< 5.9.0+dfsg-1radare2_5.9.0+dfsg-1_all.deb
Debian13allradare2< 5.9.0+dfsg-1radare2_5.9.0+dfsg-1_all.deb

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

31.5%