Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for radare2.

CVE-2022-1714[0]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.7.0. The bug causes the program to read data past the end of
| the intended buffer. Typically, this can allow attackers to read
| sensitive information from other memory locations or cause a crash.
https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e

CVE-2022-1809[1]:
| Access of Uninitialized Pointer in GitHub repository radareorg/radare2
| prior to 5.7.0.
https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d

CVE-2022-1899[2]:
| Out-of-bounds Read in GitHub repository radareorg/radare2 prior to
| 5.7.0.
https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d

CVE-2022-0849[3]:
| Use After Free in r_reg_get_name_idx in GitHub repository
| radareorg/radare2 prior to 5.6.6.
https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24

CVE-2022-1052[4]:
| Heap Buffer Overflow in iterate_chained_fixups in GitHub repository
| radareorg/radare2 prior to 5.6.6.
https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7
https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4

CVE-2022-1061[5]:
| Heap Buffer Overflow in parseDragons in GitHub repository
| radareorg/radare2 prior to 5.6.8.
https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522

CVE-2022-1207[6]:
| Out-of-bounds read in GitHub repository radareorg/radare2 prior to
| 5.6.8.
| This vulnerability allows attackers to read sensitive
| information from outside the allocated buffer boundary.
https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1

CVE-2022-1237[7]:
| Improper Validation of Array Index in GitHub repository
| radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow
| and may be exploitable. For more general description of heap buffer
| overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40
https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6

CVE-2022-1238[8]:
| Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub
| repository radareorg/radare2 prior to 5.6.8. This vulnerability is
| heap overflow and may be exploitable. For more general description of
| heap buffer overflow, see
| [CWE](https://cwe.mitre.org/data/definitions/122.html).
https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778

CVE-2022-1240[9]:
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub
| repository radareorg/radare2 prior to 5.8.6. If address sanitizer is
| disabled during the compiling, the program should execute into the
| `r_str_ncpy` function. Therefore I think it is very likely to be
| exploitable. For more general description of heap buffer overflow, see
| [CWE](https://cwe.mitre.org/data/definitions/122.html).
https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4

CVE-2022-1244[10]:
| heap-buffer-overflow in GitHub repository radareorg/radare2 prior to
| 5.6.8. This vulnerability is capable of inducing denial of service.
https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3

CVE-2022-0476[11]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.6.4.
https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b

CVE-2022-0518[12]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.2.
https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa

CVE-2022-0519[13]:
| Buffer Access with Incorrect Length Value in GitHub repository
| radareorg/radare2 prior to 5.6.2.
https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5

CVE-2022-0521[14]:
| Access of Memory Location After End of Buffer in GitHub repository
| radareorg/radare2 prior to 5.6.2.
https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5

CVE-2022-0523[15]:
| Expired Pointer Dereference in GitHub repository radareorg/radare2
| prior to 5.6.2.
https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269

CVE-2022-0559[16]:
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e

CVE-2022-0676[17]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.4.
https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6

CVE-2022-0695[18]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.6.4.
https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea
https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf

CVE-2022-0712[19]:
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior
| to 5.6.4.
https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7

CVE-2022-0713[20]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.4.
https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1

CVE-2022-0139[21]:
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)

CVE-2022-0173[22]:
| radare2 is vulnerable to Out-of-bounds Read
https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c

CVE-2022-0419[23]:
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior
| to 5.6.0.
https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/

CVE-2022-1031[24]:
| Use After Free in op_is_set_bp in GitHub repository radareorg/radare2
| prior to 5.6.6.
https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb

CVE-2022-1283[25]:
| NULL Pointer Dereference in r_bin_ne_get_entrypoints function in
| GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability
| allows attackers to cause a denial of service (application crash).
https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67

CVE-2022-1284[26]:
| heap-use-after-free in GitHub repository radareorg/radare2 prior to
| 5.6.8. This vulnerability is capable of inducing denial of service.
https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6

CVE-2022-1296[27]:
| Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub
| repository radareorg/radare2 prior to 5.6.8. This vulnerability may
| allow attackers to read sensitive information or cause a crash.
https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0
https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6

CVE-2022-1297[28]:
| Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub
| repository radareorg/radare2 prior to 5.6.8. This vulnerability may
| allow attackers to read sensitive information or cause a crash.
https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6

CVE-2022-1382[29]:
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior
| to 5.6.8. This vulnerability is capable of making the radare2 crash,
| thus affecting the availability of the system.
https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44

CVE-2022-1444[30]:
| heap-use-after-free in GitHub repository radareorg/radare2 prior to
| 5.7.0. This vulnerability is capable of inducing denial of service.
https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa
https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5

CVE-2022-1437[31]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.7.0. The bug causes the program to read data past the end of
| the intended buffer. Typically, this can allow attackers to read
| sensitive information from other memory locations or cause a crash.
https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136

CVE-2022-1451[32]:
| Out-of-bounds Read in r_bin_java_constant_value_attr_new function in
| GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the
| program to read data past the end of the intended buffer. Typically,
| this can allow attackers to read sensitive information from other
| memory locations or cause a crash. More details see [CWE-125: Out-of-
| bounds read](https://cwe.mitre.org/data/definitions/125.html).
https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529

CVE-2022-1452[33]:
| Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function
| in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes
| the program to read data past the end of the intended buffer. Typically,
| this can allow attackers to read sensitive information from other
| memory locations or cause a crash. More details see [CWE-125: Out-of-
| bounds read](https://cwe.mitre.org/data/definitions/125.html).
https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168

CVE-2022-1649[34]:
| Null pointer dereference in libr/bin/format/mach0/mach0.c in
| radareorg/radare2 in GitHub repository radareorg/radare2 prior to
| 5.7.0. It is likely to be exploitable. For more general description of
| heap buffer overflow, see
| [CWE](https://cwe.mitre.org/data/definitions/476.html).
https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1

CVE-2022-1383[35]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.8. The bug causes the program to read data past the end of
| the intended buffer. Typically, this can allow attackers to read
| sensitive information from other memory locations or cause a crash.
https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1714
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1714
[1] https://security-tracker.debian.org/tracker/CVE-2022-1809
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1809
[2] https://security-tracker.debian.org/tracker/CVE-2022-1899
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1899
[3] https://security-tracker.debian.org/tracker/CVE-2022-0849
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0849
[4] https://security-tracker.debian.org/tracker/CVE-2022-1052
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1052
[5] https://security-tracker.debian.org/tracker/CVE-2022-1061
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1061
[6] https://security-tracker.debian.org/tracker/CVE-2022-1207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1207
[7] https://security-tracker.debian.org/tracker/CVE-2022-1237
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1237
[8] https://security-tracker.debian.org/tracker/CVE-2022-1238
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1238
[9] https://security-tracker.debian.org/tracker/CVE-2022-1240
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1240
[10] https://security-tracker.debian.org/tracker/CVE-2022-1244
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1244
[11] https://security-tracker.debian.org/tracker/CVE-2022-0476
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0476
[12] https://security-tracker.debian.org/tracker/CVE-2022-0518
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0518
[13] https://security-tracker.debian.org/tracker/CVE-2022-0519
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0519
[14] https://security-tracker.debian.org/tracker/CVE-2022-0521
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0521
[15] https://security-tracker.debian.org/tracker/CVE-2022-0523
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0523
[16] https://security-tracker.debian.org/tracker/CVE-2022-0559
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0559
[17] https://security-tracker.debian.org/tracker/CVE-2022-0676
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0676
[18] https://security-tracker.debian.org/tracker/CVE-2022-0695
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0695
[19] https://security-tracker.debian.org/tracker/CVE-2022-0712
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0712
[20] https://security-tracker.debian.org/tracker/CVE-2022-0713
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0713
[21] https://security-tracker.debian.org/tracker/CVE-2022-0139
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0139
[22] https://security-tracker.debian.org/tracker/CVE-2022-0173
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0173
[23] https://security-tracker.debian.org/tracker/CVE-2022-0419
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0419
[24] https://security-tracker.debian.org/tracker/CVE-2022-1031
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1031
[25] https://security-tracker.debian.org/tracker/CVE-2022-1283
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1283
[26] https://security-tracker.debian.org/tracker/CVE-2022-1284
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1284
[27] https://security-tracker.debian.org/tracker/CVE-2022-1296
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1296
[28] https://security-tracker.debian.org/tracker/CVE-2022-1297
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1297
[29] https://security-tracker.debian.org/tracker/CVE-2022-1382
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1382
[30] https://security-tracker.debian.org/tracker/CVE-2022-1444
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1444
[31] https://security-tracker.debian.org/tracker/CVE-2022-1437
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1437
[32] https://security-tracker.debian.org/tracker/CVE-2022-1451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1451
[33] https://security-tracker.debian.org/tracker/CVE-2022-1452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1452
[34] https://security-tracker.debian.org/tracker/CVE-2022-1649
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1649
[35] https://security-tracker.debian.org/tracker/CVE-2022-1383
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1383

Please adjust the affected versions in the BTS as needed.