CVE-2019-14745Command Injection in Radare2

CWE-77Command InjectionCWE-78OS Command Injection12 documents5 sources
Severity
7.8HIGHNVD
EPSS
7.1%
top 8.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Radare Radare2Debian Radare2Fedoraproject Fedora
Timeline
PublishedAug 7
Latest updateMay 24

Description

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDradare/radare2< 3.7.0+1
debiandebian/radare2< radare2 3.9.0+dfsg-1 (sid)+1
Ubunturadare/radare2< 4.2.1+dfsg-1

Also affects: Fedora 29, 30, 31

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-cvhg-r97v-r4mp: In radare2 before 32022-05-24
GHSA
GHSA-644g-qxf2-f99x: In radare2 before 32022-05-24
OSV
CVE-2019-16718: In radare2 before 32019-09-23
OSV
CVE-2019-14745: In radare2 before 32019-08-07

📋Vendor Advisories

2
Debian
CVE-2019-16718: radare2 - In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols...2019
Debian
CVE-2019-14745: radare2 - In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols...2019

💬Community

4
Bugzilla
CVE-2019-16718 radare2: command injection vulnerability in bin_symbols() in libr/core/cbin.c2019-11-11
Bugzilla
CVE-2019-14745 radare2: command injection vulnerability in bin_symbols() in libr/core/cbin.c leads to arbitrary code execution2019-09-27
Bugzilla
CVE-2019-14745 radare2: a command injection vulnerability in bin_symbols() in libr/core/cbin.c leads to arbitrary code execution [fedora-all]2019-09-27
Bugzilla
CVE-2019-14745 radare2: a command injection vulnerability in bin_symbols() in libr/core/cbin.c leads to arbitrary code execution [epel-7]2019-09-27