Upstream information
Description
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processingSUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| CNA (Fedora Project) | National Vulnerability Database | |
|---|---|---|
| Base Score | 8.6 | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | Required | Required |
| Scope | Changed | Unchanged |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | High | High |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Timeline for this CVE
CVE page created: Wed Nov 27 12:00:18 2024CVE page last modified: Wed Aug 6 22:12:23 2025