NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Radare2 | Radare | * | 5.6.0 (excluding) |
| Radare2 | Ubuntu | bionic | * |
| Radare2 | Ubuntu | focal | * |
| Radare2 | Ubuntu | lunar | * |
| Radare2 | Ubuntu | mantic | * |
| Radare2 | Ubuntu | oracular | * |
| Radare2 | Ubuntu | plucky | * |
| Radare2 | Ubuntu | trusty | * |
| Radare2 | Ubuntu | xenial | * |
Potential Mitigations
References
- http://www.openwall.com/lists/oss-security/2022/05/25/1
- https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
- https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6
- https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQIRJ72UALGMSWH6MYPVJQQLXFGZ23RS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKGIB52R4XPCPNEW6GF56EHW7ST24IJU/
- http://www.openwall.com/lists/oss-security/2022/05/25/1
- https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
- https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6
- https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQIRJ72UALGMSWH6MYPVJQQLXFGZ23RS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKGIB52R4XPCPNEW6GF56EHW7ST24IJU/