CVE-2020-15121

CVE-2020-15121

Name

CVE-2020-15121

Description

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
Third Party Advisory	https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
Third Party Advisory	https://github.com/radareorg/radare2/issues/16945
Third Party Advisory	https://github.com/radareorg/radare2/pull/16966
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/

Type

URI

Patch

https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9

Third Party Advisory

https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358

Third Party Advisory

https://github.com/radareorg/radare2/issues/16945

Third Party Advisory

https://github.com/radareorg/radare2/pull/16966

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/