CVE-2022-28071 - Vulnerability Details

Vendors	Products
Radare	Radare2

Link	Providers
https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-28071", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-03T14:37:46.152Z", "dateReserved": "2022-03-28T00:00:00", "datePublished": "2023-08-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-22T15:45:13.101233"}, "descriptions": [{"lang": "en", "value": "A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:11.200Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T14:37:37.641192Z", "id": "CVE-2022-28071", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T14:37:46.152Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-28071 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-10-03T14:37:46.152Z (string)

dateReserved : 2022-03-28T00:00:00 (string)

datePublished : 2023-08-22T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-08-22T15:45:13.101233 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T05:41:11.200Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-03T14:37:37.641192Z (string)

id : CVE-2022-28071 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-03T14:37:46.152Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:11.200Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-28071", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-03T14:37:37.641192Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T14:37:42.670Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5"}], "descriptions": [{"lang": "en", "value": "A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-22T15:45:13.101233"}}}, "cveMetadata": {"cveId": "CVE-2022-28071", "state": "PUBLISHED", "dateUpdated": "2024-10-03T14:37:46.152Z", "dateReserved": "2022-03-28T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T05:41:11.200Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-28071 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-03T14:37:37.641192Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-03T14:37:42.670Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-08-22T15:45:13.101233 (string)

}

cveMetadata : { »

cveId : CVE-2022-28071 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-03T14:37:46.152Z (string)

dateReserved : 2022-03-28T00:00:00 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2023-08-22T00:00:00 (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717", "vulnerable": true}, {"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0."}, {"lang": "es", "value": "Un use after free en la funci\u00f3n r_reg_get_name_idx en radare2 5.4.2 y 5.4.0."}], "id": "CVE-2022-28071", "lastModified": "2024-11-21T06:56:43.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-22T19:16:22.667", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 834B6EB8-099A-469F-ADA3-183E51E43717 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. (string)

}

1 : { »

lang : es (string)

value : Un use after free en la función r_reg_get_name_idx en radare2 5.4.2 y 5.4.0. (string)

}

]

id : CVE-2022-28071 (string)

lastModified : 2024-11-21T06:56:43.127 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-08-22T19:16:22.667 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object