Lucene search

Veracode Vulnerability DatabaseVERACODE:46792

HistoryMay 07, 2024 - 9:57 p.m.

Heap-Based Buffer Overflow

2024-05-0721:57:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

radare2

software vulnerability

heap memory overwrite

input validation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

46.9%

JSON

radare2 is vulnerable to heap-based buffer overflow. The vulnerability is due to insufficient input validation, allowing attackers to overwrite data in the heap memory.

References

github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd

huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd

lists.fedoraproject.org/archives/list/[email protected]/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/

lists.fedoraproject.org/archives/list/[email protected]/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/

security-tracker.debian.org/tracker/CVE-2023-4322

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

46.9%

JSON

Related for VERACODE:46792