{"id":"CVE-2022-28073","details":"A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.","modified":"2026-04-10T15:07:13.065539Z","published":"2023-08-22T19:16:22.843Z","references":[{"type":"FIX","url":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"df953a40887aa5dc947ca3c08d70e39359f9c0e3"},{"introduced":"0"},{"last_affected":"84e6cc6a21ec1c816d4d3eb3510d2cdc94330414"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.4.0"},{"introduced":"0"},{"last_affected":"5.4.2"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"59a9dfb60acf8b5c0312061cffd9693fc9526053"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","2.6.0","2.6.9","2.7.0","2.8.0","2.9.0","3.0.0","3.0.1","3.1.0","3.1.1","3.1.2","3.1.3","3.2.0","3.2.1","3.3.0","3.4.0","3.4.1","3.5.0","3.5.1","3.6.0","3.7.0","3.7.1","3.8.0","3.9.0","4.0.0","4.1.0","4.1.1","4.2.0","4.2.1","4.3.0","4.3.1","4.4.0","4.5.1","5.0.0","5.1.0","5.1.1","5.2.0","5.2.1","5.3.0","5.3.1","5.4.0","5.4.0-git","5.4.2","Continuous-Windows","continuous","radare2-windows-nightly","release-5.0.0","termux"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","id":"CVE-2022-28073-48ad4089","target":{"file":"libr/core/cmd_anal.c"},"digest":{"line_hashes":["107965403694139141800883347947913532701","90858975693036788028608609588124022265","91098963071992624841683449385395680558","22767473244447740504981729120555308088","247000964506623080778811502719665681668","276733396430313155747190658361066390962","226299340826807465848498720845665177618","112396456098419320478828881307016113626","242253239353985117994160421411365598951","337369892757591744372938417976276276080","75895697324596618579084262595050099514","302827732959799927538842265254498105694","166714499320889079419288572959143241326"],"threshold":0.9},"source":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2022-28073-78127409","target":{"file":"libr/core/anal_tp.c","function":"r_core_anal_type_match"},"digest":{"function_hash":"285989314592378426913415680164616220717","length":8648},"source":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2022-28073-9d2a54cd","target":{"file":"libr/reg/rvalue.c","function":"r_reg_set_value"},"digest":{"function_hash":"204028207422224448207553106569323567684","length":1864},"source":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"CVE-2022-28073-edaa3853","target":{"file":"libr/reg/rvalue.c"},"digest":{"line_hashes":["318729812593611023103554930368898728989","49773521259689398108543093835176613012","51529064426519814179888507050204380699","104606128581635823925979556556726119891","246242639589626985321667502764054435175","245829021877674134125367048357940842841","181365753083643883803333819815096423015"],"threshold":0.9},"source":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2022-28073-f38bb3f2","target":{"file":"libr/core/cmd_anal.c","function":"cmd_anal_reg"},"digest":{"function_hash":"338253653074750491800978514334914077827","length":8545},"source":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"CVE-2022-28073-fce9af89","target":{"file":"libr/core/anal_tp.c"},"digest":{"line_hashes":["217162351361486105630499451692671626250","180232910030786710389110733687392630590","323015404115345229691306406559461738326","128744477728164312191741660526391552979","13015060849857345863188219995292712546","307608947464186904513035752868391610898","225526161422989738646426351772365374436","17471026006023902788232861735162612741","41965731703346872902157036384796507205","337421225254291427843929029252686127228","168989720800178328957008276514095732168","245656965178474216744987159939380588043","22700095761782948234199737776342375501","135889908066765768867101124481055821515","38696921190626502429738861145782385651","286409936264508199882249355947142546207","89791071719949603264578135948408064814"],"threshold":0.9},"source":"https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28073.json","vanir_signatures_modified":"2026-04-10T15:07:13Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}