What is CVE-2020-15121?

CVE-2020-15121 is a high-severity vulnerability in Radareorg Radare2, classified under OS Command Injection. CVSS score: 7.4/10. Published 2020-07-20.

How severe is CVE-2020-15121?

High severity. CVSS v3 base score is 7.4 out of 10.

RCE in Radareorg Radare2

CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execut…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.008 (75.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N.

Affected products

Radareorg Radare2 — versions < 4.5.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 (x_refsource_CONFIRM)
github.com/radareorg/radare2/issues/16945 (x_refsource_MISC)
github.com/radareorg/radare2/pull/16966 (x_refsource_MISC)
github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 (x_refsource_MISC)
FEDORA-2020-d5b33b6e6c (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-aa51efe207 (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2020-15121?: CVE-2020-15121 is a high-severity vulnerability in Radareorg Radare2, classified under OS Command Injection. CVSS score: 7.4/10. Published 2020-07-20.
How severe is CVE-2020-15121?: High severity. CVSS v3 base score is 7.4 out of 10.