21 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by...
CVE-2026-40517
A flaw was found in radare2 that could lead to arbitrary operating system OS command execution. A local user could be exploited through a command injection vulnerability in the PDB Program Database parser. By processing a specially crafted malicious PDB file, the idp command would execute arbitra...
SUSE CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
EUVD-2026-25119
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
CVE-2026-40517
CVE-2026-40517 affects radare2 before 6.1.4, where the PDB parser’s print_gvars() permits command injection via crafted PDB files. Unsanitized symbol name interpolation in the flag rename operation allows attackers to inject and execute radare2 commands when the idp command is run against the mal...
CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
Radare2 操作系统命令注入漏洞
Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Versions of Radare2 prior to 6.1.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the printgvars function in the PDB parser, which allowed command...
PT-2026-34573
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print gvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through...
Linux Distros Unpatched Vulnerability : CVE-2026-40499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary...
CVE-2026-40499
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-40499
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-40499
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-40499
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-40499
Radare2
CVE-2026-40499 radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-40499 radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
PT-2026-33002
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print gvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...