CVE-2022-1052: 
NixOS vulnerability analysis and mitigation

A Heap Buffer Overflow vulnerability was identified in the iteratechainedfixups function within the GitHub repository radareorg/radare2 versions prior to 5.6.6. The vulnerability was assigned CVE-2022-1052 and was disclosed on March 24, 2022 (NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787). It received a CVSS v3.1 base score of 5.5 (Medium) from NVD with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, while huntr.dev assessed it at 7.3 (High) with vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L (NVD).

The vulnerability could allow attackers to trigger a read past the end of an allocated object, potentially leading to system crashes and denial of service conditions. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity according to the NVD scoring (NVD).

The vulnerability has been patched in radare2 version 5.6.6 and later. Users are advised to upgrade to the fixed version. A patch was committed to the repository that addresses the heap out-of-bounds read in the macho.iteratechainedfixups function (GitHub Patch).