Command Injection Vulnerability in radare2 bin_symbols() Function

Command Injection Vulnerability in radare2 bin_symbols() Function

CVE-2019-14745 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

Learn more about our Web Application Penetration Testing UK.