#VU21434 XML Entity Expansion in Ghidra
Vulnerability identifier: #VU21434
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-776
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Ghidra
Universal components / Libraries /
Software for developers
Vendor: National Security Agency
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to improper input validation when parsing XML files in the Bit Patterns Explorer feature in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. A remote attacker can create a specially crafted XML document, trick the victim into opening it via the Read XML Files feature and execute arbitrary code on the system with privilege of the current user.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Ghidra: 9.0.0 - 9.0.4
External links
http://github.com/NationalSecurityAgency/ghidra/blob/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca/Ghidra/Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java#L187-L188
http://github.com/NationalSecurityAgency/ghidra/issues/1090
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
