CVE-2022-28072: Buffer Overflow
First published: Tue Aug 22 2023(Updated: )
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Radare Radare2 | =5.4.0 | |
| Radare Radare2 | =5.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this heap buffer overflow in radare2?
The vulnerability ID is CVE-2022-28072.
What is the severity of CVE-2022-28072?
The severity of CVE-2022-28072 is high with a CVSS score of 7.5.
Which versions of radare2 are affected by CVE-2022-28072?
The versions 5.4.0 and 5.4.2 of radare2 are affected by CVE-2022-28072.
How does the vulnerability manifest?
The vulnerability manifests as a heap buffer overflow in the r_read_le32 function in radare2.
How can I fix CVE-2022-28072?
To fix CVE-2022-28072, it is recommended to update radare2 to a version that includes the fix, such as version 5.4.3 or newer.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/event
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/radare
- canonical/radare radare2
- version/radare radare2/5.4.0
- version/radare radare2/5.4.2