Lucene search
Veracode Vulnerability DatabaseVERACODE:25286HistoryMay 10, 2020 - 11:24 p.m.
Command Injection
2020-05-1023:24:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
51.1%
radare2 is vulnerable to command injection. A command injection vulnerability exists in the function bin_symbols() in libr/core/cbin.c. An attacker is able to execute arbitrary shell commands using a malicious executable file due to improper handling of symbol names embedded in executables.
| CPE | Name | Operator | Version |
|---|---|---|---|
| radare2:3.11 | eq | 3.9.0-r0 | |
| radare2:3.11 | eq | 3.9.0-r0 |
References
bananamafia.dev/post/r2-pwndebian/
github.com/radare/radare2/pull/14690
github.com/radare/radare2/releases/tag/3.7.0
lists.fedoraproject.org/archives/list/[email protected]/message/ETWG4VKHWL5F74L3QBBKSCOXHSRNSRRT/
lists.fedoraproject.org/archives/list/[email protected]/message/MGA2PVBFA6VPWWLMBGWVBESHAJBQ7OXJ/
lists.fedoraproject.org/archives/list/[email protected]/message/RQO7V37RGQEKZDLY2JYKDZTLNN2YUBC5/
Related
nessus
nessus
Fedora 29 : radare2 (2019-65c33bdc2a)
2019-10-21 00:00:00
Fedora 31 : cutter-re / radare2 (2019-e931422a81)
2019-10-08 00:00:00
Fedora 30 : cutter-re / radare2 (2019-b3de19c346)
2019-10-14 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: cutter-re-1.9.0-1.fc31
2019-10-08 00:30:22
[SECURITY] Fedora 31 Update: radare2-3.9.0-1.fc31.1
2019-10-08 00:30:22
[SECURITY] Fedora 29 Update: radare2-3.9.0-3.fc29.1
2019-10-19 17:45:28
alpinelinux
alpinelinux
CVE-2019-14745
2019-08-07 15:15:14
nvd
nvd
CVE-2019-14745
2019-08-07 15:15:14
CVE-2019-16718
2019-09-23 14:15:10
openvas
openvas
Fedora Update for cutter-re FEDORA-2019-e931422a81
2020-01-09 00:00:00
Fedora Update for radare2 FEDORA-2019-65c33bdc2a
2019-10-23 00:00:00
Fedora Update for radare2 FEDORA-2019-e931422a81
2020-01-09 00:00:00
debiancve
debiancve
CVE-2019-14745
2019-08-07 15:15:14
CVE-2019-16718
2019-09-23 14:15:10
cvelist
cvelist
CVE-2019-14745
2019-08-07 14:58:18
CVE-2019-16718
2019-09-23 13:18:28
cve
cve
CVE-2019-14745
2019-08-07 15:15:14
CVE-2019-16718
2019-09-23 14:15:10
osv
osv
CVE-2019-14745
2019-08-07 15:15:14
CVE-2019-16718
2019-09-23 14:15:10
githubexploit
githubexploit
Exploit for Command Injection in Radare Radare2
2019-11-04 22:31:27
prion
prion
Command injection
2019-08-07 15:15:00
Command injection
2019-09-23 14:15:00
ubuntucve
ubuntucve
CVE-2019-16718
2019-09-23 00:00:00
CVE-2019-14745
2019-08-07 00:00:00
mageia
mageia
Updated radare2 packages fix security vulnerabilities
2020-01-08 00:19:56