CVE-2022-0713: 
NixOS vulnerability analysis and mitigation

A Heap-based Buffer Overflow vulnerability was discovered in GitHub repository radareorg/radare2 prior to version 5.6.4. The vulnerability was assigned CVE-2022-0713 and was disclosed on February 22, 2022. The vulnerability affects the radare2 reverse engineering framework, which is a multi-architecture, multi-platform tool that provides capabilities such as hexadecimal editing, debugging, and code analysis (NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787). According to the National Vulnerability Database, it received a CVSS v3.1 base score of 7.1 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H. The vulnerability specifically affects the macho core symbolication functionality in the codebase (GitHub Commit).

The vulnerability could potentially lead to high confidentiality and availability impacts, as indicated by the CVSS score. Being a heap-based buffer overflow, it could allow attackers to corrupt memory and potentially execute arbitrary code or cause program crashes (NVD).

The vulnerability was fixed in radare2 version 5.6.4. Users are advised to upgrade to this version or later. The fix involves adding proper bounds checking in the macho core symbolication code (GitHub Commit, Fedora Update).