CVE-2022-1031

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the op_is_set_bp function of radare2, a reverse engineering framework. Attackers could exploit this to execute arbitrary code or cause denial of service by manipulating memory after it has been freed. Users of radare2 versions prior to 5.6.6 are affected.

💻 Affected Systems

Products:
  • radare2
Versions: All versions prior to 5.6.6
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the core radare2 binary when processing certain inputs; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the radare2 process, potentially leading to full system compromise.
🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.
🟢 If Mitigated: No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: LOW - radare2 is typically used locally for reverse engineering, not as an internet-facing service.
🏢 Internal Only: MEDIUM - Could be exploited by malicious files or inputs processed internally, but requires user interaction with radare2.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious input that triggers the use-after-free condition; no public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.6.6 and later

Vendor Advisory: https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb

Restart Required: Yes

Instructions:

1. Update radare2 to version 5.6.6 or later using your package manager (e.g., 'sudo apt update && sudo apt upgrade radare2' on Debian/Ubuntu).
2. Alternatively, compile from source: 'git clone https://github.com/radareorg/radare2', 'cd radare2', 'git checkout 5.6.6', './sys/install.sh'.
3. Restart any running radare2 processes.

🔧 Temporary Workarounds

Avoid untrusted inputs (all platforms)

Do not use radare2 to analyze untrusted or malicious files until patched.

🧯 If You Can't Patch

  • Restrict radare2 usage to trusted, isolated environments only.
  • Implement application whitelisting to prevent execution of vulnerable radare2 binaries.

🔍 How to Verify

Check if Vulnerable:

Run 'r2 -v' and check if version is below 5.6.6.

Check Version:

r2 -v

Verify Fix Applied:

After updating, run 'r2 -v' to confirm version is 5.6.6 or higher.
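
The version check above can be scripted for fleet or CI use. The following is an added example, not part of the original advisory or the radare2 project; the function names are hypothetical, the sample lines are constructed, and it assumes the first line of 'r2 -v' output begins with "radare2 <version>".

```shell
#!/bin/sh
# Added example: classify `r2 -v` output against the fixed release named above.
FIXED_VERSION="5.6.6"

# Extract the dotted version from the first line of `r2 -v` output.
# Assumption: that line starts with "radare2 <version> ...".
r2_parse_version() {
    printf '%s\n' "$1" | sed -n '1s/^radare2 \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 >= $2. Fields are compared numerically, so
# 5.10.0 sorts after 5.6.6 (a plain string comparison gets this wrong).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}      # missing fields count as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for a given `r2 -v` output.
r2_cve_2022_1031_status() {
    ver=$(r2_parse_version "$1")
    if [ -z "$ver" ]; then
        echo unknown               # output did not match the assumed format
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample lines (not captured from a real host).
for line in "radare2 5.6.4 0 @ linux-x86-64" "radare2 5.10.0 0 @ linux-x86-64"; do
    echo "$line -> $(r2_cve_2022_1031_status "$line")"
done

# Check the locally installed binary, if there is one.
if command -v r2 >/dev/null 2>&1; then
    echo "local r2 -> $(r2_cve_2022_1031_status "$(r2 -v 2>/dev/null)")"
fi
```

A distribution package that backports the fix may keep an older version string, so a "vulnerable" result from a packaged build should be confirmed against the package changelog.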

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from radare2 processes
  • Unexpected memory access errors in system logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process execution where name contains 'radare2' or 'r2' AND version < 5.6.6
