Bug 1198807 - (CVE-2022-1451) VUL-0: CVE-2022-1451: radare2: Out-of-bounds Read
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.4
Hardware: Other Other
Priority: P3 - Medium
Severity: Minor
Assigned To: Stefan Brüns
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/329974/
Reported: 2022-04-25 08:25 UTC by Hu
Modified: 2022-04-25 09:15 UTC

Found By: Security Response Team


Description Hu 2022-04-25 08:25:24 UTC
CVE-2022-1451

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub
repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read
data past the end of the intended buffer. Typically, this can allow attackers to
read sensitive information from other memory locations or cause a crash. For more
details, see [CWE-125: Out-of-bounds
read](https://cwe.mitre.org/data/definitions/125.html).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1451
http://www.cvedetails.com/cve/CVE-2022-1451/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1451
https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
Comment 1 Hu 2022-04-25 08:25:47 UTC
Affected:
- openSUSE:Factory/radare2 5.5.4