Main Vulnerability Database SB2019101153

SB2019101153 - Fedora 29 update for radare2

Published: October 11, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019101153

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Command Injection (CVE-ID: CVE-2019-14745)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2019-65c33bdc2a