| Bug ID | 1206298 |
|---|---|
| Summary | VUL-0: CVE-2022-4398: radare2: integer overflow vulnerability |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.5 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/350236/ |
| OS | Other |
| Status | NEW |
| Severity | Minor |
| Priority | P5 - None |
| Component | Security |
| Assignee | daniel@molkentin.de |
| Reporter | thomas.leroy@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
rh#2152390 Integer overflow in realloc and memcpy calls in core_anal_graph_label. In the process of concatenating source lines based on DWARF data, the resulting size (32bit signed int) can overflow. The sizes of the realloc and memcpy calls differ, and potentially can lead to writes in an unintended location. References: https://bugzilla.redhat.com/show_bug.cgi?id=2152390 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4398 https://www.cve.org/CVERecord?id=CVE-2022-4398 https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8 https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2