CVE-2024-11858
Radare2: command injection via pebble application files in radare2
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.6EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Productos afectados
radare2