Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1120

NIXPKGS-2026-1120

GitHub issue published on

Permalink CVE-2026-40499

updated 1 week, 6 days ago by @LeSuisse Activity log

Created suggestion 1 week, 6 days ago
@LeSuisse accepted 1 week, 6 days ago
@LeSuisse published on GitHub 1 week, 6 days ago

radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted section names to inject r2 commands that are executed when the idp command processes the file.

References

https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero technical-descriptionexploit
https://github.com/radareorg/radare2/pull/25731 issue-tracking
https://github.com/radareorg/radare2/issues/25752 issue-tracking
https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeeb… patch
https://github.com/radareorg/radare2/releases/tag/6.1.4 release-notes

Ignored references (1)

https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-p… third-party-advisory

Affected products

radare2

==5590c87deeb7eb2a106fd7aab9ca88bfeebb7397
<6.1.4

Matching in nixpkgs

pkgs.radare2

UNIX-like reverse engineering framework and command-line toolset

nixos-unstable 6.1.2
- nixpkgs-unstable 6.1.2
- nixos-unstable-small 6.1.2
nixos-25.11 6.1.2
- nixos-25.11-small 6.1.2
- nixpkgs-25.11-darwin 6.1.2

Package maintainers

@Mic92 Jörg Thalheim <joerg@thalheim.io>
@arkivm Vikram Narayanan <vikram186@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@azahi Azat Bahawi <azat@bahawi.net>
@makefu Felix Richter <makefu@syntax-fehler.de>