CVE-2022-28073 in radare2
Summary
by MITRE • 08/22/2023
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
Analysis
by VulDB Data Team • 06/19/2026
The vulnerability is a critical use-after-free in the r_reg_set_value function of radare2 versions 5.4.0 and 5.4.2, a memory safety defect that can potentially lead to arbitrary code execution. The flaw lies in the register management subsystem of the reverse engineering framework: memory is freed and then accessed again, which opens a window for exploitation. It is triggered when the function processes register value assignments, specifically during complex register operations or when multiple concurrent register modifications are handled. The root cause is that freed memory regions are not invalidated or reinitialized before being accessed again, a classic use-after-free that violates basic memory safety rules.
The operational impact goes beyond simple memory corruption: the flaw can be leveraged by attackers to achieve remote code execution in the context of the radare2 process. A successful exploit lets an adversary redirect program flow by controlling the contents of the freed memory region, potentially leading to privilege escalation or complete system compromise. All systems running an affected version of radare2 are exposed, which is particularly concerning given how widely the tool is used in security research, malware analysis, and software development. Attackers could reach the vulnerable code path through malformed input files, malicious binaries submitted for analysis, or crafted debugging sessions that exercise register manipulation. The attack surface is broadened by radare2's extensive use in automated analysis pipelines and its integration with security tools and frameworks that depend on its register management capabilities.
Mitigation should focus on immediate remediation by updating to radare2 5.4.3 or later, which contains the patches for the memory management issues in r_reg_set_value. System administrators and security teams should prioritize patching affected installations, particularly where radare2 is used for security analysis or malware research. Runtime protections such as address space layout randomization and stack canaries add defense in depth against exploitation attempts. The vulnerability is classified as CWE-416 (use after free), and can be mapped to ATT&CK technique T1059 for execution through command-line interfaces or T1587 for development tools and libraries that may be leveraged during exploitation. Organizations should also consider monitoring for suspicious memory access patterns and anomalous register manipulation activity that could indicate exploitation attempts. The fix in later versions typically involves validating memory deallocation, adding null pointer checks, and ensuring that freed memory regions are not accessed until they have been properly reallocated, which removes the conditions under which the use-after-free can occur.
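To make the bug class and the fix described above concrete, here is an added, constructed example: a toy register table in C that shows the dangling-pointer pattern (free without invalidation) beside the hardened pattern (free, null the slot, check before dereferencing). This is illustrative code written for this page, not radare2's RReg implementation, and it makes no claim about how r_reg_set_value is actually written; the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a toy register table mirroring the bug class
 * described above (CWE-416). It is NOT radare2's RReg code and makes
 * no claim about how r_reg_set_value is implemented. */

#define MAX_REGS 8

typedef struct {
    char name[8];
    unsigned long long value;
} reg_item_t;

typedef struct {
    reg_item_t *items[MAX_REGS];   /* NULL means "no live register here" */
} reg_set_t;

/* Allocate a named register; returns its slot index or -1 when full. */
int regset_add(reg_set_t *rs, const char *name)
{
    for (int i = 0; i < MAX_REGS; i++) {
        if (rs->items[i] == NULL) {
            reg_item_t *it = calloc(1, sizeof *it);
            if (!it)
                return -1;
            snprintf(it->name, sizeof it->name, "%s", name);
            rs->items[i] = it;
            return i;
        }
    }
    return -1;
}

/* "Before": the register is released but the table still points at it.
 * Any later regset_set_value() on this slot writes into freed memory. */
void regset_free_dangling(reg_set_t *rs, int idx)
{
    free(rs->items[idx]);           /* slot keeps the stale pointer */
}

/* "After": release and invalidate in one step, so the table can never
 * hand out a pointer to memory it no longer owns. */
void regset_free(reg_set_t *rs, int idx)
{
    free(rs->items[idx]);
    rs->items[idx] = NULL;
}

/* Setter that validates the slot before dereferencing. Returns 0 on
 * success, -1 when the index is out of range or the register was freed. */
int regset_set_value(reg_set_t *rs, int idx, unsigned long long v)
{
    if (idx < 0 || idx >= MAX_REGS || rs->items[idx] == NULL)
        return -1;
    rs->items[idx]->value = v;
    return 0;
}

/* Read a value back; returns 0 on success, -1 when the slot is not live. */
int regset_get_value(const reg_set_t *rs, int idx, unsigned long long *out)
{
    if (idx < 0 || idx >= MAX_REGS || rs->items[idx] == NULL)
        return -1;
    *out = rs->items[idx]->value;
    return 0;
}

/* Add, set, and read back a live register; returns the stored value. */
unsigned long long live_roundtrip(void)
{
    reg_set_t rs = { { 0 } };
    unsigned long long v = 0;
    int pc = regset_add(&rs, "pc");
    if (pc < 0 || regset_set_value(&rs, pc, 42) != 0)
        return 0;
    regset_get_value(&rs, pc, &v);
    regset_free(&rs, pc);
    return v;
}

/* Hardened lifecycle: add, set, free, then attempt to set again.
 * Returns 1 when the post-free write was rejected, 0 otherwise. */
int hardened_rejects_post_free_write(void)
{
    reg_set_t rs = { { 0 } };
    int rip = regset_add(&rs, "rip");
    if (rip < 0 || regset_set_value(&rs, rip, 0x401000) != 0)
        return 0;
    regset_free(&rs, rip);
    return regset_set_value(&rs, rip, 0xdeadbeef) == -1;
}

int main(void)
{
    printf("live round trip value: %llu\n", live_roundtrip());
    printf("post-free write rejected: %d\n", hardened_rejects_post_free_write());
#ifdef DEMO_UAF
    /* Build with: cc -DDEMO_UAF -fsanitize=address uaf.c && ./a.out
     * AddressSanitizer reports heap-use-after-free on the write below. */
    reg_set_t rs = { { 0 } };
    int rsp = regset_add(&rs, "rsp");
    if (rsp >= 0) {
        regset_free_dangling(&rs, rsp);
        regset_set_value(&rs, rsp, 0x7ffc0000);   /* writes freed memory */
    }
#endif
    return 0;
}
```

The default build exercises only the hardened path. Compiling with `-DDEMO_UAF -fsanitize=address` runs the dangling variant once so that AddressSanitizer flags the stale write, which is the same detection approach a test suite or fuzzing harness would use to catch this class of defect before release.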