Buffer Access with Incorrect Length Value
CVE-2022-1238
Summary
Heap-based buffer overflow in "libr/bin/format/ne/ne.c" in radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-805 - Buffer Access with Incorrect Length Value
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
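The CWE-805 pattern beside a bounds-checked form, as an added C example; it is not radare2's code and does not reproduce the ne.c flaw, which this page does not detail. The record layout and all function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example:
 *   2 bytes  little-endian length N (untrusted, read from the file)
 *   N bytes  payload                                                */

/* CWE-805 pattern: N is used as the copy length without being compared
 * against either buffer. Shown for contrast only; never called below. */
void copy_record_unchecked(const uint8_t *src, size_t off, uint8_t *dst) {
    size_t n = (size_t)src[off] | ((size_t)src[off + 1] << 8);
    memcpy(dst, src + off + 2, n);   /* n may exceed both src and dst */
}

/* Hardened form: returns the payload length, or -1 if the declared
 * length does not fit the source or the destination. */
long copy_record_checked(const uint8_t *src, size_t src_len, size_t off,
                         uint8_t *dst, size_t dst_cap) {
    if (off > src_len || src_len - off < 2)
        return -1;                               /* length field truncated */
    size_t n = (size_t)src[off] | ((size_t)src[off + 1] << 8);
    if (n > src_len - off - 2)
        return -1;                               /* would read past src */
    if (n > dst_cap)
        return -1;                               /* would write past dst */
    memcpy(dst, src + off + 2, n);
    return (long)n;
}

/* Constructed inputs: one well-formed record, two that must be rejected. */
long demo_well_formed(void) {
    const uint8_t file[] = { 0x03, 0x00, 'a', 'b', 'c' };
    uint8_t dst[8];
    return copy_record_checked(file, sizeof file, 0, dst, sizeof dst);
}

long demo_lying_length(void) {
    const uint8_t file[] = { 0xff, 0x7f, 'a', 'b', 'c' };  /* claims 32767 */
    uint8_t dst[8];
    return copy_record_checked(file, sizeof file, 0, dst, sizeof dst);
}

long demo_too_big_for_dst(void) {
    const uint8_t file[] = { 0x04, 0x00, 'a', 'b', 'c', 'd' };
    uint8_t dst[2];
    return copy_record_checked(file, sizeof file, 0, dst, sizeof dst);
}
```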