CVE-2024-11858
Radare2: command injection via pebble application files in radare2
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
radare2