A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​
History

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
Title Radare2: command injection via pebble application files in radare2

Sun, 15 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-12-15T13:57:32.889Z

Updated: 2024-12-16T16:39:35.500Z

Reserved: 2024-11-27T09:48:03.636Z

Link: CVE-2024-11858

cve-icon Vulnrichment

Updated: 2024-12-16T16:38:56.080Z

cve-icon NVD

Status : Received

Published: 2024-12-15T14:15:22.320

Modified: 2024-12-15T14:15:22.320

Link: CVE-2024-11858

cve-icon Redhat

No data.