In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.
References
Configurations
History
07 Nov 2023, 03:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-07-20 18:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-15121
Mitre link : CVE-2020-15121
CVE.ORG link : CVE-2020-15121
JSON object : View
Products Affected
fedoraproject
- fedora
radare
- radare2
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')