CVE-2020-15121
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15121
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15121.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-15121
- Related
- Published
- 2020-07-20T18:15:12Z
- Modified
- 2025-01-15T01:44:01.308132Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.
- References
-
- https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
- https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
- https://github.com/radareorg/radare2/issues/16945
- https://github.com/radareorg/radare2/pull/16966
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
- https://security-tracker.debian.org/tracker/CVE-2020-15121
Affected packages
Debian:13 / radare2
Package
- Name
- radare2
- Purl
- pkg:deb/debian/radare2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.0.0+dfsg-1
Affected versions
0.*
0.6-1
0.7-1
0.7-2
0.7-3
0.8.1-1
0.8.8-1
0.8.8-2
0.9-1
0.9-2
0.9-3
0.9.4-1
0.9.4-2
0.9.6-1
0.9.6-2
0.9.6-3
0.9.6-3.1
0.10.5+dfsg-1
0.10.5+dfsg1-1
0.10.6+dfsg-1
1.*
1.0+dfsg-1
1.0.2+dfsg-1
1.1.0+dfsg-1
1.1.0+dfsg-2
1.1.0+dfsg-3
1.1.0+dfsg-4
1.1.0+dfsg-5
1.2.0+dfsg-1
1.2.1+dfsg-1
1.2.1+dfsg-2
1.2.1+dfsg-3
1.2.1+dfsg-4
1.2.1+dfsg-5
1.3.0+dfsg-1
1.3.0+dfsg-2
1.4.0+dfsg-1
1.5.0+dfsg-1
1.6.0+dfsg-1
2.*
2.0.0+dfsg-1
2.1.0+dfsg-1
2.3.0+dfsg-1
2.3.0+dfsg-2
2.4.0+dfsg-1
2.6.0+dfsg-1
2.7.0+dfsg-1
2.8.0+dfsg-1
2.9.0+dfsg-1
3.*
3.0.0+dfsg-1
3.0.1+dfsg-1
3.1.0+dfsg-1
3.1.2+dfsg-1
3.1.2+dfsg-1.1
3.2.1+dfsg-1
3.2.1+dfsg-2
3.2.1+dfsg-3
3.2.1+dfsg-4
3.2.1+dfsg-5
3.8.0+dfsg-1
3.9.0+dfsg-1
4.*
4.0.0+dfsg-1
4.2.1+dfsg-1
4.2.1+dfsg-2
4.3.1+dfsg-1
Git / github.com/radare/radare2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/radare/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/radareorg/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0
2.6.9
2.7.0
2.8.0
2.9.0
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.8.0
3.9.0
4.*
4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.4.0
Other
Continuous-Windows
continuous
radare2-windows-nightly
termux