CVE-2024-11858
HIGHradare2 < 5.9.8 - OS Command Injection via Pebble Application File Processing
Title source: llmDescription
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2329102
Scores
CVSS v3
8.6
EPSS
0.0005
EPSS Percentile
16.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
radare/radare2
< 5.9.8
Published
Dec 15, 2024
Tracked Since
Feb 18, 2026