Описание
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).
Ссылки
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).
EPSS
9.8 Critical
CVSS3
6.8 Medium
CVSS2