CVE-2019-14745

HIGH

radare2 < 3.7.0 - Command Injection via Crafted Executable Symbol Names

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14745. PoCs published by xooxo.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2019-14745, a vulnerability in radare2 that allows command injection via crafted symbol names in binaries. The PoC uses LIEF to modify a binary's dynamic symbol, embedding a shell command that executes when radare2 processes the binary.

Description

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

Exploits (1)

nomisec WORKING POC 2 stars
by xooxo · poc
https://github.com/xooxo/CVE-2019-14745

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: radare2 (versions affected by CVE-2019-14745)
No auth needed
Prerequisites: Python with LIEF bindings · target binary with writable symbols · radare2 installed on victim system
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://bananamafia.dev/post/r2-pwndebian/
Patch, Third Party Advisory x_refsource_misc
https://github.com/radare/radare2/pull/14690

Scores

CVSS v3 7.8
EPSS 0.0441
EPSS Percentile 90.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-77
Status published
Products (4)
fedoraproject/fedora 29
fedoraproject/fedora 30
fedoraproject/fedora 31
radare/radare2 < 3.7.0
Published Aug 07, 2019
Tracked Since Feb 18, 2026