Main Vulnerability Database Vulnerabilities #VU127893

#VU127893 Use-after-free in Ghidra

Published: September 19, 2024 / Updated: April 25, 2026

Vulnerability identifier: #VU127893

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Ghidra

Software vendor:
National Security Agency

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to use-after-free in SleighArchitecture::shutdown in the Sleigh decompiler backend when destroying global singletons in an undefined order during shutdown. A remote attacker can trigger the vulnerable shutdown sequence to cause a denial of service.

This issue occurs during shutdown and was observed to cause an infinite loop by iterating over garbage data.

Remediation

Install security update from vendor's website.

External links

https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-4g43-2f29-xvp4

#VU127893 Use-after-free in Ghidra

Description

Remediation

External links

Please verify you're human