CVE-2022-0522
Access of Memory Location Before Start of Buffer in radareorg/radare2
In short
A memory access vulnerability in the radare2.js library allows an attacker to read data from memory locations before the intended buffer, potentially exposing sensitive information. This flaw affects versions before 5.6.2.
Technical detail
A CWE-786 out-of-bounds read vulnerability in the radare2.js NPM package prior to version 5.6.2. Improper bounds checking allows reading memory before the allocated buffer boundaries, potentially disclosing sensitive data. Triggering the vulnerability requires interaction with malformed input.
Summary generated and translated by AI from the official description.
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected products
radareorg · radareorg/radare2
References
https://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d6
https://huntr.dev/bounties/2d45e589-d614-4875-bba1-be0f729e7ca9
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/