CVE-2024-11858: Radare2: command injection via pebble application files in radare2

Description

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing

Classification

CVE ID: CVE-2024-11858

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2329102

Timeline

2024-12-16 00:30:21 UTC
CVE

Radare2: command injection via pebble application files in radare2