[Git][security-tracker-team/security-tracker][master] radare2 bug

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 6 19:36:46 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fd4f01f by Moritz Muehlenhoff at 2022-07-06T20:36:22+02:00
radare2 bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9060,7 +9060,7 @@ CVE-2022-31736
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736
 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
 	NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
 CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
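Review bot: The fix-commit NOTE under CVE-2022-1899 (193f4fe01d7f626e2ea937450f2e0c4604420e9d) carries no upstream release tag, although the description places the issue in radare2 prior to 5.7 and other entries in this file tag the fixing commit, e.g. `(5.6.0)` on the commit NOTE for CVE-2022-0419. Since the entry is being touched anyway, consider appending the first fixed upstream release in parentheses, so whoever works on bug #1014478 can see which upload resolves this CVE.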
@@ -10398,7 +10398,7 @@ CVE-2022-31262
 CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x throu ...)
 	NOT-FOR-US: Morpheus
 CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
 	NOTE: https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
 CVE-2022-31260
@@ -11977,7 +11977,7 @@ CVE-2022-26023
 CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts prior t ...)
 	NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
 	NOTE: https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
 CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An  ...)
@@ -12573,7 +12573,7 @@ CVE-2022-1650 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 	NOTE: https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e/
 	NOTE: https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 (v2.0.2)
 CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
 	NOTE: https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
 CVE-2022-1648
@@ -15305,11 +15305,11 @@ CVE-2022-1454
 CVE-2022-1453 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
 	NOT-FOR-US: RSVPMaker plugin for WordPress
 CVE-2022-1452 (Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function i ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
 	NOTE: https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168
 CVE-2022-1451 (Out-of-bounds Read in r_bin_java_constant_value_attr_new function in G ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
 	NOTE: https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
 CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this  ...)
@@ -15336,7 +15336,7 @@ CVE-2022-1446
 CVE-2022-1445 (Stored Cross Site Scripting vulnerability in the checked_out_to parame ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa
 	NOTE: https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
 CVE-2022-1443
@@ -15399,7 +15399,7 @@ CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub repos
 CVE-2022-1438
 	RESERVED
 CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
 	NOTE: https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136
 CVE-2022-1436 (The WPCargo Track & Trace WordPress plugin before 6.9.5 does not s ...)
@@ -15934,11 +15934,11 @@ CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending
 CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
 	NOTE: https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862
 CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior  ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
 	NOTE: https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
 CVE-2022-29404 (In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ...)
@@ -17066,11 +17066,11 @@ CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize an
 CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Ta ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
 	NOTE: https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6
 CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub reposit ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0
 	NOTE: https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6
 CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior ...)
@@ -17924,11 +17924,11 @@ CVE-2022-26045
 CVE-2022-25868
 	RESERVED
 CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
 	NOTE: https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6
 CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
 	NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
 CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not prop ...)
@@ -18013,7 +18013,7 @@ CVE-2022-1245
 	RESERVED
 	NOT-FOR-US: Keycloak
 CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
 	NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
 CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to  ...)
@@ -18062,17 +18062,17 @@ CVE-2022-1249 (A NULL pointer dereference flaw was found in pesign's cms_set_pw_
 	NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114)
 	NOTE: Fixed by: https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76 (115)
 CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
 	NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
 CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate the proxy ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
 	NOTE: https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778
 CVE-2022-1237 (Improper Validation of Array Index in GitHub repository radareorg/rada ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40
 	NOTE: https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6
 CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi prior to  ...)
@@ -18869,7 +18869,7 @@ CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to open re
 CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
 	NOTE: https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1
 CVE-2022-28341
@@ -20612,7 +20612,7 @@ CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not saniti
 CVE-2022-1062 (The th23 Social WordPress plugin through 1.2.0 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
 	NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
 CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e., when ...)
@@ -21129,7 +21129,7 @@ CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.
 CVE-2022-1053 (Keylime does not enforce that the agent registrar data is the same whe ...)
 	NOT-FOR-US: Keylime
 CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7
 	NOTE: https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
 CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
@@ -22097,7 +22097,7 @@ CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
 CVE-2022-1032 (Insecure deserialization of not validated module file in GitHub reposi ...)
 	NOT-FOR-US: Crater
 CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/radare2  ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
 	NOTE: https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb
 CVE-2022-27258 (Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3  ...)
@@ -24560,7 +24560,7 @@ CVE-2022-0850
 	[stretch] - linux 4.9.290-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2060606
 CVE-2022-0849 (Use After Free in r_reg_get_name_idx in GitHub repository radareorg/ra ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
 	NOTE: https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24
 CVE-2022-0848 (OS Command Injection in GitHub repository part-db/part-db prior to 0.5 ...)
@@ -26761,7 +26761,7 @@ CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3
 	NOTE: https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa (v8.2.4436)
 CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
 	NOTE: https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1
 CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...)
@@ -26822,7 +26822,7 @@ CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event
 CVE-2022-25598 (Apache DolphinScheduler user registration is vulnerable to Regular exp ...)
 	NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior  ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
 	NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
 CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses containin ...)
@@ -27342,7 +27342,7 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
 	NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
 	NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
 CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea
 	NOTE: https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
 CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An  ...)
@@ -27548,7 +27548,7 @@ CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was discove
 CVE-2022-21132 (Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg ...)
 	NOT-FOR-US: pfSense
 CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
 	NOTE: https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6
 CVE-2022-0675 (In certain situations it is possible for an unmanaged rule to exist on ...)
@@ -29559,7 +29559,7 @@ CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function wi
 CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
 	NOT-FOR-US: microweber
 CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
 	NOTE: https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
 CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
@@ -29793,23 +29793,23 @@ CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
 	NOT-FOR-US: Publify
 CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
 	NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
 CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
 	NOT-FOR-US: Node radare2.js
 CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
 	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
 CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
 	NOT-FOR-US: Node radare2.js
 CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
 	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
 CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
 	NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
 CVE-2022-0517
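Review bot: CVE-2022-0521 and CVE-2022-0519 in this hunk both reference the same upstream commit, 6c4428f018d385fc80a33ecddcb37becea685dd5, while their descriptions name different weaknesses (access after end of buffer versus buffer access with incorrect length value). If one commit fixes both, that is fine; otherwise one of the two NOTE lines is a copy-paste and should be corrected now that bug #1014478 is attached to both entries.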
@@ -30726,7 +30726,7 @@ CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress p
 CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
 	NOTE: https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
 CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few translat ...)
@@ -31373,7 +31373,7 @@ CVE-2022-24131 (DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting
 CVE-2022-21170 (Improper check for certificate revocation in i-FILTER Ver.10.45R01 and ...)
 	NOT-FOR-US: i-FILTER
 CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior  ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
 	NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
 	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
@@ -36142,7 +36142,7 @@ CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can
 CVE-2022-0174 (dolibarr is vulnerable to Business Logic Errors ...)
 	- dolibarr <removed>
 CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
 	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
 CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
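Review bot: The commit NOTE under CVE-2022-0173 has no release tag, but the same commit hash (37897226a1a31f982bfefdc4aeefc2e50355c73c) appears under CVE-2022-0139 tagged `(5.6.0)`. Add `(5.6.0)` to the CVE-2022-0173 NOTE as well so the two entries agree on the fixed upstream version.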
@@ -37053,7 +37053,7 @@ CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
 CVE-2022-21806 (A use-after-free vulnerability exists in the mips_collector appsrv_ser ...)
 	NOT-FOR-US: Anker Eufy Homebase
 CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1014478)
 	NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
 	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
 CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fd4f01f01346dc9193fc6ea379003080a0fe508
