radare2
Fixed version
5.7.1
CVE-2026-40527 represents a Command Injection vulnerability discovered in radare2 versions prior to commit bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683. This flaw allows attackers to embed malicious r2 command sequences within DWARF DW_TAG_formal_parameter names of crafted ELF binaries, which are then executed during analysis. Successful exploitation can lead to arbitrary shell command execution, highlighting the importance of updating to the patched version.
CVE-2026-40527 in radare2, affecting versions prior to commit bc5a890, presents a significant command injection risk. This vulnerability resides within the afsv/afsvj command path and allows attackers to embed malicious r2 command sequences within DWARF DW_TAG_formal_parameter names in crafted ELF binaries. Analyzing a binary with 'aaa' and subsequently running 'afsvj' can lead to arbitrary operating system command execution due to the unsanitized parameter interpolation in the 'pfq' command string. The CVSS score of 7.8 indicates a high risk, demanding immediate attention to prevent unauthorized code execution on affected systems.
An attacker could create a malicious ELF file containing DWARF parameter names that include operating system commands. When a user runs radare2 with 'aaa' on this file and then 'afsvj', the embedded commands will be executed. The exploitation complexity is relatively low, requiring only the creation of a malicious ELF file and the execution of the appropriate radare2 commands. The impact is high, enabling remote code execution and system compromise. This vulnerability is particularly concerning in environments where radare2 is used for malware analysis or reverse engineering.
Exploit status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The recommended solution is to update radare2 to a version including commit bc5a890 or later. This commit addresses the vulnerability by properly sanitizing DWARF formal parameter names before they are used in the 'pfq' command string. As a preventative measure, avoid analyzing ELF files from untrusted sources with radare2. Implementing strict access controls to limit who can run radare2 and analyze binaries can also help mitigate the risk. Monitoring systems for unusual activity related to operating system command execution during binary analysis is crucial.
Update to version 5.7.1 or later to mitigate the command injection vulnerability. This update corrects the way radare2 handles DWARF parameter names, preventing the execution of arbitrary commands.
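A pre-screening check in the spirit of the mitigation advice above, as an added example that is not radare2's own code or its fix: it scans the text output of `readelf --debug-dump=info` and flags every DW_TAG_formal_parameter whose DW_AT_name is not a plain C identifier. The function name, the allowlist pattern and the sample dump are assumptions made for illustration, and the line layout is assumed to be that of GNU readelf.

```python
import re

# DIE header as printed by `readelf --debug-dump=info`, e.g.
#  <2><4b>: Abbrev Number: 5 (DW_TAG_formal_parameter)
DIE_RE = re.compile(r"^\s*<\d+><([0-9a-f]+)>: Abbrev Number: \d+(?: \((DW_TAG_\w+)\))?")
# Attribute line, e.g.  <4c>   DW_AT_name        : argc
NAME_RE = re.compile(r"^\s*<[0-9a-f]+>\s+DW_AT_name\s*:\s?(.*)$")
# Prefix readelf prints when the name is stored in a string section
INDIRECT_RE = re.compile(r"^\(indirect (?:line )?string, offset: 0x[0-9a-f]+\): ")
# Allowlist (assumption): a plain C identifier of bounded length
SAFE_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,255}")


def suspicious_param_names(dump_text):
    """Return (die_offset, name) for every DW_TAG_formal_parameter whose
    DW_AT_name is not a plain C identifier."""
    findings = []
    tag = offset = None
    for line in dump_text.splitlines():
        m = DIE_RE.match(line)
        if m:
            # New DIE: remember its offset and tag (tag is None for null entries)
            offset, tag = m.group(1), m.group(2)
            continue
        m = NAME_RE.match(line)
        if m and tag == "DW_TAG_formal_parameter":
            name = INDIRECT_RE.sub("", m.group(1))
            if not SAFE_NAME_RE.fullmatch(name):
                findings.append((offset, name))
    return findings


# Constructed sample, not taken from a real binary.
SAMPLE_DUMP = """\
 <1><2d>: Abbrev Number: 2 (DW_TAG_subprogram)
    <2e>   DW_AT_name        : (indirect string, offset: 0x10): main
 <2><4b>: Abbrev Number: 3 (DW_TAG_formal_parameter)
    <4c>   DW_AT_name        : (indirect string, offset: 0x15): argc
    <50>   DW_AT_decl_file   : 1
 <2><59>: Abbrev Number: 3 (DW_TAG_formal_parameter)
    <5a>   DW_AT_name        : size [constructed non-identifier name]
 <2><67>: Abbrev Number: 0
 <1><68>: Abbrev Number: 4 (DW_TAG_variable)
    <69>   DW_AT_name        : not an identifier, but not a parameter
"""

if __name__ == "__main__":
    for off, name in suspicious_param_names(SAMPLE_DUMP):
        print(f"DIE <{off}>: suspicious parameter name {name!r}")
```

Because this works on readelf's text output, a name containing a newline is split across lines and only its first line is checked; a check that reads the DWARF data directly does not have that limit.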
DWARF is a debugging format used in ELF files to provide debugging information, including variable names, data types, and memory locations.
The update corrects the command injection vulnerability, preventing unauthorized code execution.
Avoid analyzing ELF files from untrusted sources and monitor systems for unusual activity.
Check the version of radare2 you are using. If it's prior to commit bc5a890, you are vulnerable.
Several malware analysis tools can help detect malicious ELF files exploiting this vulnerability.