CVE-2019-14745

Name of the Vulnerable Software and Affected Versions radare2 versions prior to 3.7.0

Description A command injection issue exists due to improper handling of symbol names embedded in executables. This allows for the execution of arbitrary shell commands with the permissions of the victim by using a crafted executable file.

Recommendations For versions prior to 3.7.0, update to version 3.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted executable files to minimize the risk of exploitation.