CVE-2022-1451 HIGH

CVE-2022-1451: Out-of-bounds Read in r_bin_java_constant_value_attr_new function in radareorg/radare2

Vendor Radareorg

Product radareorg/radare2

Weakness CWE-788

Published April 24, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

What the vulnerability does

Description

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).

Key dates

Disclosure timeline

April 24, 2022 CVE published

August 3, 2024 Record updated