Lucene search

PRIOn knowledge basePRION:CVE-2020-15121

HistoryJul 20, 2020 - 6:15 p.m.

Directory traversal

2020-07-2018:15:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it’s required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

CPENameOperatorVersion
fedoraeq31
fedoraeq32
radare2lt4.5.0

Name	Operator	Version
fedora	eq	31
fedora	eq	32
radare2	lt	4.5.0

References

github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9

github.com/radareorg/radare2/issues/16945

github.com/radareorg/radare2/pull/16966

github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/