Main Vulnerability Database SB2022072219

SB2022072219 - Denial of service in Radare2

Published: July 22, 2022 Updated: August 21, 2023

Security Bulletin ID SB2022072219

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2022-34520)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libr/bin/p/bin_xtr_xalz.c. A remote attacker can trigger denial of service conditions via a crafted binary file.

Remediation

Install update from vendor's website.

References

https://github.com/radareorg/radare2/issues/20354
https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5