In radare2 prior to 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

Vulnerable Product |
---|
radare radare2 |
fedoraproject fedora 29 |
fedoraproject fedora 30 |
fedoraproject fedora 31 |