[Git][security-tracker-team/security-tracker][master] Add four new radare2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 9 20:40:52 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb5690db by Salvatore Bonaccorso at 2022-02-09T21:40:27+01:00
Add four new radare2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -154,17 +154,25 @@ CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
 	TODO: check
 CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
-	TODO: check
+	- radare2 <unfixed>
+	NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
+	NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
 CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
 	TODO: check
 CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
-	TODO: check
+	- radare2 <unfixed>
+	NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
+	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
 CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
 	TODO: check
 CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
-	TODO: check
+	- radare2 <unfixed>
+	NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
+	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
 CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	TODO: check
+	- radare2 <unfixed>
+	NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
+	NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
 CVE-2022-0517
 	RESERVED
 CVE-2022-0516



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb5690dbd3422ba095bd6926ebf13f0e95f63058

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb5690dbd3422ba095bd6926ebf13f0e95f63058
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220209/88b0ca00/attachment.htm>

More information about the debian-security-tracker-commits mailing list