Debian Bug report logs -
#1014478
radare2: CVE-2022-1714 CVE-2022-1809 CVE-2022-1899 CVE-2022-0849 CVE-2022-1052 CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238 CVE-2022-1240 CVE-2022-1244 CVE-2022-0476 CVE-2022-0518 CVE-2022-0519 CVE-2022-0521 CVE-2022-0523 CVE-2022-0559 CVE-2022-0676 CVE-2022-0695 CVE-2022-0712 CVE-2022-0713 CVE-2022-0139 CVE-2022-0173 CVE-2022-0419 CVE-2022-1031 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296 CVE-2022-1297 CVE-2022-1382 CVE-2022-1444 CVE-2022-1437 CVE-2022-1451 CVE-2022-1452 CVE-2022-1649 CVE-2022-1383
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Security Tools <team+pkg-security@tracker.debian.org>:
Bug#1014478; Package src:radare2.
(Wed, 06 Jul 2022 18:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Security Tools <team+pkg-security@tracker.debian.org>.
(Wed, 06 Jul 2022 18:30:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: radare2
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for radare2.
CVE-2022-1714[0]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.7.0. The bug causes the program reads data past the end of
| the intented buffer. Typically, this can allow attackers to read
| sensitive information from other memory locations or cause a crash.
https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
CVE-2022-1809[1]:
| Access of Uninitialized Pointer in GitHub repository radareorg/radare2
| prior to 5.7.0.
https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
CVE-2022-1899[2]:
| Out-of-bounds Read in GitHub repository radareorg/radare2 prior to
| 5.7.0.
https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
CVE-2022-0849[3]:
| Use After Free in r_reg_get_name_idx in GitHub repository
| radareorg/radare2 prior to 5.6.6.
https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24
CVE-2022-1052[4]:
| Heap Buffer Overflow in iterate_chained_fixups in GitHub repository
| radareorg/radare2 prior to 5.6.6.
https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7
https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
CVE-2022-1061[5]:
| Heap Buffer Overflow in parseDragons in GitHub repository
| radareorg/radare2 prior to 5.6.8.
https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2022-1207[6]:
| Out-of-bounds read in GitHub repository radareorg/radare2 prior to
| 5.6.8. This vulnerability allows attackers to read sensitive
| information from outside the allocated buffer boundary.
https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1
CVE-2022-1237[7]:
| Improper Validation of Array Index in GitHub repository
| radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow
| and may be exploitable. For more general description of heap buffer
| overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40
https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6
CVE-2022-1238[8]:
| Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub
| repository radareorg/radare2 prior to 5.6.8. This vulnerability is
| heap overflow and may be exploitable. For more general description of
| heap buffer overflow, see
| [CWE](https://cwe.mitre.org/data/definitions/122.html).
https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778
CVE-2022-1240[9]:
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub
| repository radareorg/radare2 prior to 5.8.6. If address sanitizer is
| disabled during the compiling, the program should executes into the
| `r_str_ncpy` function. Therefore I think it is very likely to be
| exploitable. For more general description of heap buffer overflow, see
| [CWE](https://cwe.mitre.org/data/definitions/122.html).
https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
CVE-2022-1244[10]:
| heap-buffer-overflow in GitHub repository radareorg/radare2 prior to
| 5.6.8. This vulnerability is capable of inducing denial of service.
https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
CVE-2022-0476[11]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.6.4.
https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
CVE-2022-0518[12]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.2.
https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
CVE-2022-0519[13]:
| Buffer Access with Incorrect Length Value in GitHub repository
| radareorg/radare2 prior to 5.6.2.
https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0521[14]:
| Access of Memory Location After End of Buffer in GitHub repository
| radareorg/radare2 prior to 5.6.2.
https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0523[15]:
| Expired Pointer Dereference in GitHub repository radareorg/radare2
| prior to 5.6.2.
https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
CVE-2022-0559[16]:
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
CVE-2022-0676[17]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.4.
https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6
CVE-2022-0695[18]:
| Denial of Service in GitHub repository radareorg/radare2 prior to
| 5.6.4.
https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea
https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
CVE-2022-0712[19]:
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior
| to 5.6.4.
https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
CVE-2022-0713[20]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.4.
https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1
CVE-2022-0139[21]:
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
CVE-2022-0173[22]:
| radare2 is vulnerable to Out-of-bounds Read
https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
CVE-2022-0419[23]:
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior
| to 5.6.0.
https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
CVE-2022-1031[24]:
| Use After Free in op_is_set_bp in GitHub repository radareorg/radare2
| prior to 5.6.6.
https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb
CVE-2022-1283[25]:
| NULL Pointer Dereference in r_bin_ne_get_entrypoints function in
| GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability
| allows attackers to cause a denial of service (application crash).
https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
CVE-2022-1284[26]:
| heap-use-after-free in GitHub repository radareorg/radare2 prior to
| 5.6.8. This vulnerability is capable of inducing denial of service.
https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6
CVE-2022-1296[27]:
| Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub
| repository radareorg/radare2 prior to 5.6.8. This vulnerability may
| allow attackers to read sensitive information or cause a crash.
https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0
https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6
CVE-2022-1297[28]:
| Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub
| repository radareorg/radare2 prior to 5.6.8. This vulnerability may
| allow attackers to read sensitive information or cause a crash.
https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6
CVE-2022-1382[29]:
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior
| to 5.6.8. This vulnerability is capable of making the radare2 crash,
| thus affecting the availability of the system.
https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
CVE-2022-1444[30]:
| heap-use-after-free in GitHub repository radareorg/radare2 prior to
| 5.7.0. This vulnerability is capable of inducing denial of service.
https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa
https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
CVE-2022-1437[31]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.7.0. The bug causes the program reads data past the end of
| the intented buffer. Typically, this can allow attackers to read
| sensitive information from other memory locations or cause a crash.
https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136
CVE-2022-1451[32]:
| Out-of-bounds Read in r_bin_java_constant_value_attr_new function in
| GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the
| program reads data past the end 2f the intented buffer. Typically,
| this can allow attackers to read sensitive information from other
| memory locations or cause a crash. More details see [CWE-125: Out-of-
| bounds read](https://cwe.mitre.org/data/definitions/125.html).
https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
CVE-2022-1452[33]:
| Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function
| in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes
| the program reads data past the end 2f the intented buffer. Typically,
| this can allow attackers to read sensitive information from other
| memory locations or cause a crash. More details see [CWE-125: Out-of-
| bounds read](https://cwe.mitre.org/data/definitions/125.html).
https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168
CVE-2022-1649[34]:
| Null pointer dereference in libr/bin/format/mach0/mach0.c in
| radareorg/radare2 in GitHub repository radareorg/radare2 prior to
| 5.7.0. It is likely to be exploitable. For more general description of
| heap buffer overflow, see
| [CWE](https://cwe.mitre.org/data/definitions/476.html).
https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
CVE-2022-1383[35]:
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2
| prior to 5.6.8. The bug causes the program reads data past the end of
| the intented buffer. Typically, this can allow attackers to read
| sensitive information from other memory locations or cause a crash.
https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-1714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1714
[1] https://security-tracker.debian.org/tracker/CVE-2022-1809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1809
[2] https://security-tracker.debian.org/tracker/CVE-2022-1899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1899
[3] https://security-tracker.debian.org/tracker/CVE-2022-0849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0849
[4] https://security-tracker.debian.org/tracker/CVE-2022-1052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1052
[5] https://security-tracker.debian.org/tracker/CVE-2022-1061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1061
[6] https://security-tracker.debian.org/tracker/CVE-2022-1207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1207
[7] https://security-tracker.debian.org/tracker/CVE-2022-1237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1237
[8] https://security-tracker.debian.org/tracker/CVE-2022-1238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1238
[9] https://security-tracker.debian.org/tracker/CVE-2022-1240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1240
[10] https://security-tracker.debian.org/tracker/CVE-2022-1244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1244
[11] https://security-tracker.debian.org/tracker/CVE-2022-0476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0476
[12] https://security-tracker.debian.org/tracker/CVE-2022-0518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0518
[13] https://security-tracker.debian.org/tracker/CVE-2022-0519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0519
[14] https://security-tracker.debian.org/tracker/CVE-2022-0521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0521
[15] https://security-tracker.debian.org/tracker/CVE-2022-0523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0523
[16] https://security-tracker.debian.org/tracker/CVE-2022-0559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0559
[17] https://security-tracker.debian.org/tracker/CVE-2022-0676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0676
[18] https://security-tracker.debian.org/tracker/CVE-2022-0695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0695
[19] https://security-tracker.debian.org/tracker/CVE-2022-0712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0712
[20] https://security-tracker.debian.org/tracker/CVE-2022-0713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0713
[21] https://security-tracker.debian.org/tracker/CVE-2022-0139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0139
[22] https://security-tracker.debian.org/tracker/CVE-2022-0173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0173
[23] https://security-tracker.debian.org/tracker/CVE-2022-0419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0419
[24] https://security-tracker.debian.org/tracker/CVE-2022-1031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1031
[25] https://security-tracker.debian.org/tracker/CVE-2022-1283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1283
[26] https://security-tracker.debian.org/tracker/CVE-2022-1284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1284
[27] https://security-tracker.debian.org/tracker/CVE-2022-1296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1296
[28] https://security-tracker.debian.org/tracker/CVE-2022-1297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1297
[29] https://security-tracker.debian.org/tracker/CVE-2022-1382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1382
[30] https://security-tracker.debian.org/tracker/CVE-2022-1444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1444
[31] https://security-tracker.debian.org/tracker/CVE-2022-1437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1437
[32] https://security-tracker.debian.org/tracker/CVE-2022-1451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1451
[33] https://security-tracker.debian.org/tracker/CVE-2022-1452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1452
[34] https://security-tracker.debian.org/tracker/CVE-2022-1649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1649
[35] https://security-tracker.debian.org/tracker/CVE-2022-1383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1383
Please adjust the affected versions in the BTS as needed.
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Wed, 06 Jul 2022 19:33:04 GMT) (full text, mbox, link).
Marked as found in versions radare2/5.5.0+dfsg-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Wed, 06 Jul 2022 19:33:05 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Jul 7 13:15:47 2022;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon