CVE-2022-1283 - OpenCVE

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Radare	Radare2

Configuration 1 [-]

cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-08T17:55:10

Updated: 2024-08-02T23:55:24.530Z

Reserved: 2022-04-08T00:00:00

Link: CVE-2022-1283

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-08T18:15:09.703

Modified: 2022-04-15T15:28:01.770

Link: CVE-2022-1283

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "radareorg/radare2", "vendor": "radareorg", "versions": [{"lessThan": "5.6.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-08T17:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"}], "source": {"advisory": "bfeb8fb8-644d-4587-80d4-cb704c404013", "discovery": "EXTERNAL"}, "title": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1283", "STATE": "PUBLIC", "TITLE": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "radareorg/radare2", "version": {"version_data": [{"version_affected": "<", "version_value": "5.6.8"}]}}]}, "vendor_name": "radareorg"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash)."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476 NULL Pointer Dereference"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"}, {"name": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67", "refsource": "MISC", "url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"}]}, "source": {"advisory": "bfeb8fb8-644d-4587-80d4-cb704c404013", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.530Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1283", "datePublished": "2022-04-08T17:55:10", "dateReserved": "2022-04-08T00:00:00", "dateUpdated": "2024-08-02T23:55:24.530Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8956009B-4EDA-4AA6-997D-B2C8C5D05CEC", "versionEndExcluding": "5.6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash)."}, {"lang": "es", "value": "Un Desreferencia de Puntero NULL en la funci\u00f3n r_bin_ne_get_entrypoints en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.8. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n)"}], "id": "CVE-2022-1283", "lastModified": "2022-04-15T15:28:01.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-08T18:15:09.703", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@huntr.dev", "type": "Primary"}]}