CVE-2020-15121OS Command Injection in Radare2

CWE-78OS Command Injection6 documents4 sources
Severity
9.6CRITICALNVD
EPSS
0.6%
top 30.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Radareorg Radare2Radare Radare2Debian Radare2+1 more
Timeline
PublishedJul 20
Latest updateJul 21

Description

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

NVDradare/radare2< 4.5.0
debiandebian/radare2< radare2 5.0.0+dfsg-1 (sid)
CVEListV5radareorg/radare2< 4.5.0

Also affects: Fedora 31, 32

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2020-15121: In radare2 before version 42020-07-20

📋Vendor Advisories

1
Debian
CVE-2020-15121: radare2 - In radare2 before version 4.5.0, malformed PDB file names in the PDB server path...2020

💬Community

3
Bugzilla
CVE-2020-15121 radare2: malformed PDB file names in the PDB server path cause shell injection2020-07-21
Bugzilla
CVE-2020-15121 radare2: malformed PDB file names in the PDB server path cause shell injection [fedora-all]2020-07-21
Bugzilla
CVE-2020-15121 radare2: malformed PDB file names in the PDB server path cause shell injection [epel-all]2020-07-21