Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-11858

8.6 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months, 1 week ago

Radare2: command injection via pebble application files in radare2

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing

References

RHBZ#2329102 issue-tracking x_refsource_REDHAT
RHBZ#2329102 issue-tracking x_refsource_REDHAT

Affected products

radare2

<5.9.9

Matching in nixpkgs

pkgs.radare2

UNIX-like reverse engineering framework and command-line toolset

nixos-unstable -
- nixpkgs-unstable 6.0.2

Package maintainers

@Mic92 Jörg Thalheim <joerg@thalheim.io>
@makefu Felix Richter <makefu@syntax-fehler.de>
@arkivm Vikram Narayanan <vikram186@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@azahi Azat Bahawi <azat@bahawi.net>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.radare2

Package maintainers