CVE-2024-11858

Radare2: command injection via pebble application files in radare2

Published: 12/15/2024 Last updated: 12/16/2024 Reserved: 11/27/2024

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing.

CNA assigner: fedora (92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 8.6 High CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Opam packages affected (2)

conf-radare2 radare2

Products affected (0)

No product listed.

References (1)