CVE-2022-1207

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1207
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1207.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1207
Downstream
Related
Published
2022-04-01T19:15:07Z
Modified
2025-10-14T19:02:30.420444Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
Summary
[none]
Details

Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d94100d386e8bc349b500af309e1880447a1e9da
Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
605785b65dd356d46d4487faa41dbf90943b8bc1

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0

4.*

4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
4.5.1

5.*

5.0.0
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.3.1
5.4.0
5.4.0-git
5.4.2
5.5.0
5.5.2
5.5.4
5.6.0
5.6.2
5.6.4
5.6.6

Other

Continuous-Windows
continuous
radare2-windows-nightly
termux

release-5.*

release-5.0.0

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-1207-05ffd007",
            "signature_type": "Function",
            "target": {
                "file": "libr/anal/p/anal_cris.c",
                "function": "set_reg_profile"
            },
            "signature_version": "v1",
            "digest": {
                "length": 628.0,
                "function_hash": "277295620306164828930023546320268928138"
            },
            "deprecated": false,
            "source": "https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1"
        },
        {
            "id": "CVE-2022-1207-7b41080a",
            "signature_type": "Line",
            "target": {
                "file": "libr/anal/p/anal_cris.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "190192512132637055350299318901585789839",
                    "250300565185148120707320668039564136968",
                    "190330392181163640291737804494317739174",
                    "207130632129305823522918978274931817695",
                    "41113995969819342253784336296906120121",
                    "325411645132126259192723466222719368584",
                    "46261025945451579018169241148570364907",
                    "148036384775063951233554411948472362771",
                    "78548268191722656858839338965825537963",
                    "243052376339074451838785187119697618171",
                    "147508746407650566228803676514174340482",
                    "55897616101428406116874925352806804231",
                    "72637479541186468665508766070483624219",
                    "80030022846734303284197580268490258335",
                    "303609172072754152085877300862111413080",
                    "150535019655756578411173088940822680977",
                    "223946840268991390998035533338500079785",
                    "111973189146273097155170576867882212987",
                    "167757391256122146170090265271390371111",
                    "259857987794466622829625963564327758218",
                    "19162951266223998327807982407256900171",
                    "38222671684873447702211062909990761753",
                    "117880743765591602302856226769401892697",
                    "161182019022907779644847463113278552889",
                    "339877141638137870196361257506237381823",
                    "159202311479702144177224427623830593168",
                    "128240151835169054138260455269600601061",
                    "2554853706126777355487104910977450788",
                    "156947812675833567190270293432726935238",
                    "249282335473814554627906300753641363105",
                    "202462387408920765190014958728442999409",
                    "334027287118738347949135648816346655977",
                    "117744058062399611495222347691355834461",
                    "103196578867692114280079006495709436325",
                    "240949981239470662318103698497463012104",
                    "210933192623490234152020017092203260314",
                    "129919297218449212595971210237068438068"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1"
        },
        {
            "id": "CVE-2022-1207-bf590cb6",
            "signature_type": "Function",
            "target": {
                "file": "libr/anal/p/anal_cris.c",
                "function": "analop"
            },
            "signature_version": "v1",
            "digest": {
                "length": 3852.0,
                "function_hash": "125174365622696506699671119889092668861"
            },
            "deprecated": false,
            "source": "https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1"
        }
    ]
}