CVE-2023-22671

Опубликовано: 06 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.

Ссылки

https://github.com/NationalSecurityAgency/ghidra/issues/4869
Exploit
Issue Tracking
Third Party Advisory
https://github.com/NationalSecurityAgency/ghidra/pull/4872
Patch
Third Party Advisory
https://github.com/NationalSecurityAgency/ghidra/issues/4869
Exploit
Issue Tracking
Third Party Advisory
https://github.com/NationalSecurityAgency/ghidra/pull/4872
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nsa:ghidra:*:*:*:*:*:*:*:*

Версия до 10.2.2 (включая)

EPSS

Процентиль: 88%

0.04124

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

CVE-2023-22671

CVSS3: 9.8

debian

около 3 лет назад

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...

GHSA-9rmx-2mjp-5w4j

CVSS3: 9.8

github

около 3 лет назад

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.

EPSS

Процентиль: 88%

0.04124

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77