Vulnerabilities
Vulnerable Software
Nsa:  >> Ghidra  >> 10.1.1  Security Vulnerabilities
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
CVSS Score
4.6
EPSS Score
0.002
Published
2026-06-10
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
CVSS Score
2.1
EPSS Score
0.001
Published
2026-06-10
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
CVSS Score
9.8
EPSS Score
0.029
Published
2023-01-06


Contact Us

Shodan ® - All rights reserved