CVE-2022-0139

9.8 CRITICAL

📋 TL;DR

CVE-2022-0139 is a use-after-free vulnerability in radare2, a popular reverse engineering framework. An attacker who gets a user to open a crafted file in a vulnerable radare2 can trigger memory corruption after the affected object is freed, leading to arbitrary code execution with the privileges of the radare2 process or to a denial of service (crash). Users running radare2 versions prior to 5.6.0 are affected.

💻 Affected Systems

Products:
  • radare2
Versions: All versions prior to 5.6.0
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the radare2 process, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) or limited code execution depending on exploit sophistication.

🟢 If Mitigated

Minimal impact if memory protections (ASLR, DEP) are enabled, which make reliable exploitation harder, and the process runs with limited privileges.

🌐 Internet-Facing: LOW (radare2 is typically not exposed to the internet directly)
🏢 Internal Only: MEDIUM (could be exploited via malicious files analyzed internally)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) but no authentication. Proof-of-concept exists in public reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.6.0 and later

Vendor Advisory (fix commit): https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c

Restart Required: No

Instructions:

1. Update radare2 to version 5.6.0 or later using your package manager or from source.
2. For package managers: 'sudo apt update && sudo apt upgrade radare2' (Debian/Ubuntu) or the equivalent command for your distribution; confirm the packaged version is 5.6.0 or later, since distribution packages can lag behind upstream.
3. For source: clone the repository with git, check out the latest release tag, then compile and install.

🔧 Temporary Workarounds

Restrict file analysis (applies to: all platforms)

Limit radare2 usage to trusted files only and avoid analyzing untrusted binaries.

Run with reduced privileges (applies to: linux)

Execute radare2 as a minimally privileged user to limit the damage a successful exploit can do; the file being analyzed must be readable by that user.

sudo -u nobody radare2 [file]

🧯 If You Can't Patch

  • Isolate radare2 usage to dedicated, non-critical systems with network restrictions.
  • Implement strict file validation and sandboxing for any binary analysis workflows.

🔍 How to Verify

Check if Vulnerable:

Run 'r2 -v' and check if version is below 5.6.0.

Check Version:

r2 -v

Verify Fix Applied:

Confirm the version is 5.6.0 or higher with 'r2 -v' and, if known malicious samples are available, test with them in an isolated environment.
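
The version check above, as an added shell example that is not part of the original advisory: it parses the first line of 'r2 -v' output and compares the dotted version against 5.6.0 component by component, so a plain string comparison cannot mistake a release such as 5.10.0 for an older one. It assumes 'r2 -v' prints a line starting with 'radare2 <version>'; that output format is an assumption made here.

```shell
#!/bin/sh
# Added example (not from the original advisory): check whether an installed
# radare2 is older than the fixed release 5.6.0 for CVE-2022-0139.

FIXED_VERSION="5.6.0"

# version_lt A B -> returns 0 if dotted version A is strictly lower than B.
# Compares each component as an integer, so 5.10.0 ranks above 5.6.0.
version_lt() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        # Drop non-numeric suffixes such as "-git" or "rc1" (constructed cases)
        x=$(printf '%s' "$x" | sed 's/[^0-9].*//'); x=${x:-0}
        y=$(printf '%s' "$y" | sed 's/[^0-9].*//'); y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # equal -> not lower
}

# Extract "<version>" from text shaped like "radare2 5.5.4 0 @ linux-x86-64 git.5.5.4"
# (assumed output format of 'r2 -v').
parse_r2_version() {
    printf '%s\n' "$1" | awk '$1 == "radare2" { print $2; exit }'
}

# vuln_status VERSION -> prints "vulnerable" or "fixed".
vuln_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        printf 'vulnerable\n'
    else
        printf 'fixed\n'
    fi
}

# Check the real binary when r2 is on PATH (skipped otherwise).
if command -v r2 >/dev/null 2>&1; then
    v=$(parse_r2_version "$(r2 -v 2>/dev/null)")
    printf 'radare2 %s: %s (fixed in %s)\n' "$v" "$(vuln_status "$v")" "$FIXED_VERSION"
fi
```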

📡 Detection & Monitoring

Log Indicators:

  • Process crashes of radare2
  • Unexpected memory access errors in system logs

Network Indicators:

  • Unusual outbound connections from radare2 process

SIEM Query:

Process:radare2 AND (EventID:1000 OR ExceptionCode:c0000005)
