Summaryinfo

A vulnerability classified as critical has been found in radare2.js up to 5.6.1. This impacts an unknown function. Performing a manipulation results in memory corruption. This vulnerability is reported as CVE-2022-0523. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in radare2.js up to 5.6.1 (Programming Tool Software). It has been classified as critical. This affects some unknown processing. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was disclosed 02/09/2022. The advisory is shared at huntr.dev. This vulnerability is uniquely identified as CVE-2022-0523 since 02/07/2022. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading to version 5.6.2 eliminates this vulnerability. Applying the patch 35482cb760db10f87a62569e2f8872dbd95e9269 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2022-15651). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Programming Tool Software

Name

• radare2.js

Version

• 5.6.0
• 5.6.1

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion