CVE-2022-1899

moderate-risk
Published 2022-05-26

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.

Do I need to act?

-
0.45% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Radare

References (4)

Patch https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c460442...
Exploit https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
Patch https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c460442...
Exploit https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
38
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal