Alpine: multiple radare2 packages: security update to 5.7.0-r0

critical Tenable Cloud Security Plugin ID 406888

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. (CVE-2022-1809)

- Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the
program to read data past the end of the intended buffer. Typically, this can allow attackers to read
sensitive information from other memory locations or cause a crash. (CVE-2022-1437)

- heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable
of inducing denial of service. (CVE-2022-1444)

- Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2
prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this
can allow attackers to read sensitive information from other memory locations or cause a crash. For more
details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
(CVE-2022-1451)

- Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository
radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended
buffer. Typically, this can allow attackers to read sensitive information from other memory locations or
cause a crash. For more details, see
[CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). (CVE-2022-1452)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-1437

https://security.alpinelinux.org/vuln/CVE-2022-1444

https://security.alpinelinux.org/vuln/CVE-2022-1451

https://security.alpinelinux.org/vuln/CVE-2022-1452

https://security.alpinelinux.org/vuln/CVE-2022-1649

https://security.alpinelinux.org/vuln/CVE-2022-1714

https://security.alpinelinux.org/vuln/CVE-2022-1809

https://security.alpinelinux.org/vuln/CVE-2022-1899

Plugin Details

Severity: Critical

ID: 406888

Version: Revision 1.28

Type: Local

Published: 10/31/2023

Updated: 6/1/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-1809

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-1899

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/22/2022

Reference Information

CVE: CVE-2022-1437, CVE-2022-1444, CVE-2022-1451, CVE-2022-1452, CVE-2022-1649, CVE-2022-1714, CVE-2022-1809, CVE-2022-1899