Vulnerability identifier: #VU72163

Vulnerability risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22671

CWE-ID: CWE-676

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ghidra
Universal components / Libraries / Software for developers

Vendor: National Security Agency

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Ghidra client application on Linux and macOS uses the eval command for processing arguments passed to the launch.ch script to start the application. A remote attacker can pass specially crafted input to the application and execute arbitrary OS commands on the system.

Note, the vulnerability can be exploited against the Ghidra client application running as a service on a remote machine and passed untrusted input directly as a Ghidra command line argument.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Ghidra: 9.0.0 - 10.2.2

---

External links
http://github.com/NationalSecurityAgency/ghidra/pull/4872
http://github.com/NationalSecurityAgency/ghidra/issues/4869
http://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-cqfj-5crw-rh6p

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.