UBUNTU-CVE-2020-15121

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-15121

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15121.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-15121

Related

CVE-2020-15121

Published

2020-07-20T18:15:00Z

Modified

2025-04-23T15:15:26Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

References

Affected packages

Ubuntu:Pro:16.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@0.9.6-3.1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.6-3.1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@2.3.0+dfsg-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0+dfsg-1

2.*

2.0.0+dfsg-1

2.1.0+dfsg-1

2.3.0+dfsg-1

2.3.0+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@4.2.1+dfsg-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.1+dfsg-5build1

4.*

4.0.0+dfsg-1

4.2.1+dfsg-1

4.2.1+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.9.4+dfsg-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0+dfsg-1.1ubuntu3

5.9.0+dfsg-2

5.9.2+dfsg-1

5.9.2+dfsg-1build1

5.9.4+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.5.0+dfsg-1.1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0+dfsg-1ubuntu1

5.5.0+dfsg-1.1ubuntu2

5.5.0+dfsg-1.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / radare2

Package

Name: radare2
Purl: pkg:deb/ubuntu/radare2@5.9.8+dfsg-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.4+dfsg-1

5.9.4+dfsg-1build1

5.9.8+dfsg-1

5.9.8+dfsg-1build1

5.9.8+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}