CVE-2020-15121

HIGH

radare2 <4.5.0 - Command Injection

Title source: llm

Description

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

References (6)

[Third Party Advisory] https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358

[Third Party Advisory] https://github.com/radareorg/radare2/issues/16945

[Third Party Advisory] https://github.com/radareorg/radare2/pull/16966

[Patch, Third Party Advisory] https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9

View Patch ZIP pw:eip

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/

Scores

CVSS v3 7.4

EPSS 0.0059

EPSS Percentile 69.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Details

CWE

CWE-78

Status published

Products (3)

fedoraproject/fedora 31

fedoraproject/fedora 32

radare/radare2 < 4.5.0

Published Jul 20, 2020

Tracked Since Feb 18, 2026