Unrated severityNVD Advisory· Published Aug 7, 2019· Updated Aug 5, 2024
CVE-2019-14745
CVE-2019-14745
Description
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- radare2/radare2description
Patches
Vulnerability mechanics
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETWG4VKHWL5F74L3QBBKSCOXHSRNSRRT/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGA2PVBFA6VPWWLMBGWVBESHAJBQ7OXJ/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQO7V37RGQEKZDLY2JYKDZTLNN2YUBC5/mitrevendor-advisoryx_refsource_FEDORA
- bananamafia.dev/post/r2-pwndebian/mitrex_refsource_MISC
- github.com/radare/radare2/pull/14690mitrex_refsource_MISC
- github.com/radare/radare2/releases/tag/3.7.0mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.