Multiple vulnerabilities in radare2
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-0713 CVE-2022-0712 CVE-2022-0476 |
| CWE-ID | CWE-122 CWE-476 CWE-400 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
radare2 Universal components / Libraries / Software for developers |
| Vendor | Radare |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated 25.02.2022
Added vulnerability #3
1) Heap-based buffer overflow
EUVDB-ID: #VU60864
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0713
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in r_read_le32. A remote attacker can trick a victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsradare2: 0.8.6 - 5.6.3
CPE2.3- cpe:2.3:a:radare:radare2:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:radare:radare2:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:radare:radare2:0.9:*:*:*:*:*:*:*
https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU60865
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0712
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick a victim to open a specially crafted file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 0.8.6 - 5.6.3
CPE2.3- cpe:2.3:a:radare:radare2:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:radare:radare2:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:radare:radare2:0.9:*:*:*:*:*:*:*
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU60881
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-0476
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick a victim to open a specially crafted mdmp file, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsradare2: 0.8.6 - 5.6.3
CPE2.3- cpe:2.3:a:radare:radare2:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:radare:radare2:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:radare:radare2:0.9:*:*:*:*:*:*:*
https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
