Bug 949208 (CVE-2022-1207) - <dev-util/rizin-0.7.4: oob read
Summary: <dev-util/rizin-0.7.4: oob read
Status: IN_PROGRESS
Alias: CVE-2022-1207
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-02-01 22:52 UTC by John Helmert III
Modified: 2025-02-01 23:10 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2025-02-01 22:52:10 UTC
CVE-2022-1207 (https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb):

Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.

Apparently fixed in Rizin with 0.7.4 according to the release notes: https://github.com/rizinorg/rizin/releases
Comment 1 Larry the Git Cow gentoo-dev 2025-02-01 23:08:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=869e31e5d7fc025c7de569bbda124f0b9d817d4a

commit 869e31e5d7fc025c7de569bbda124f0b9d817d4a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2025-02-01 23:08:23 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2025-02-01 23:08:23 +0000

    dev-util/rizin: drop 0.7.3-r1
    
    Bug: https://bugs.gentoo.org/949208
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/rizin-0.7.3-r1.ebuild | 103 -----------------------------------
 1 file changed, 103 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e24d34c2a8af6627a3eccdd529dea8212699d094

commit e24d34c2a8af6627a3eccdd529dea8212699d094
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2025-02-01 23:07:36 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2025-02-01 23:07:45 +0000

    dev-util/rizin: stabilize 0.7.4 for amd64
    
    Bug: https://bugs.gentoo.org/949208
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/rizin-0.7.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c865d38005112eac1570480593cc2a82e0f2132e

commit c865d38005112eac1570480593cc2a82e0f2132e
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2025-02-01 23:05:10 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2025-02-01 23:05:47 +0000

    dev-util/rizin: add 0.7.4
    
    Bug: https://bugs.gentoo.org/949208
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/Manifest           |   2 +
 dev-util/rizin/rizin-0.7.4.ebuild | 101 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2025-02-01 23:10:45 UTC
> Apparently fixed in Rizin with 0.7.4 according to the release notes: https://github.com/rizinorg/rizin/releases

Plus some other potentially security-relevant fixes:

> Fix out of bound read in GNU CRIS analysis plugin
> Fix out of bound read in ObjC analysis
> Harden string limits check in coresymbolication
> Always check for NULL after allocating memory during the parsing of dyldcache

I've deliberately kept 0.7.3-r2 just in case there's a problem with 0.7.4 since the impact is minimal, but intend to fully clean up in a few days (others feel free to do it as well).