Skip to main content

Buffer Access with Incorrect Length Value

CVE-2022-1238

Severity High
Score 7.8/10

Summary

Heap-based Buffer Overflow in "libr/bin/format/ne/ne.c" in radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-805 - Buffer Access with Incorrect Length Value

The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

Advisory Timeline

  • Published