Описание
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.4 High
CVSS3
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.
In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...
EPSS
7.4 High
CVSS3
9.6 Critical
CVSS3
6.8 Medium
CVSS2