UBUNTU-CVE-2019-14745

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-14745

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14745.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-14745

Upstream

CVE-2019-14745

Published

2019-08-07T15:15:00Z

Modified

2026-04-22T12:10:43.710448Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

References

Affected packages

Ubuntu:16.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@0.9.6-3.1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.6-3.1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "libradare2-0.9.6"
        },
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "radare2"
        },
        {
            "binary_version": "0.9.6-3.1ubuntu1",
            "binary_name": "radare2-plugins"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14745.json"

Ubuntu:Pro:18.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@2.3.0+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0+dfsg-1

2.*

2.0.0+dfsg-1

2.1.0+dfsg-1

2.3.0+dfsg-1

2.3.0+dfsg-2

2.3.0+dfsg-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.0+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-2.3"
        },
        {
            "binary_version": "2.3.0+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "2.3.0+dfsg-2ubuntu0.1~esm1",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14745.json"

Ubuntu:Pro:20.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@4.2.1+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.1+dfsg-5build1

4.*

4.0.0+dfsg-1

4.2.1+dfsg-1

4.2.1+dfsg-2

4.2.1+dfsg-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.2.1+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-4.2.1"
        },
        {
            "binary_version": "4.2.1+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "4.2.1+dfsg-2ubuntu0.1~esm1",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14745.json"

Ubuntu:Pro:24.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.5.0+dfsg-1.1ubuntu3+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0+dfsg-1ubuntu1

5.5.0+dfsg-1.1ubuntu2

5.5.0+dfsg-1.1ubuntu3

5.5.0+dfsg-1.1ubuntu3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.5.0+dfsg-1.1ubuntu3+esm1",
            "binary_name": "libradare2-5.0.0t64"
        },
        {
            "binary_version": "5.5.0+dfsg-1.1ubuntu3+esm1",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "5.5.0+dfsg-1.1ubuntu3+esm1",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14745.json"

Ubuntu:25.10 / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.9.8+dfsg-2ubuntu0.25.10.2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.8+dfsg-2

5.9.8+dfsg-2ubuntu0.25.10.1

5.9.8+dfsg-2ubuntu0.25.10.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.9.8+dfsg-2ubuntu0.25.10.2",
            "binary_name": "libradare2-5.0.0t64"
        },
        {
            "binary_version": "5.9.8+dfsg-2ubuntu0.25.10.2",
            "binary_name": "libradare2-common"
        },
        {
            "binary_version": "5.9.8+dfsg-2ubuntu0.25.10.2",
            "binary_name": "radare2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-14745.json"