Vulnerability identifier: #VU72163
Vulnerability risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-676
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Ghidra
Universal components / Libraries /
Software for developers
Vendor: National Security Agency
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to Ghidra client application on Linux and macOS uses the eval command for processing arguments passed to the launch.ch script to start the application. A remote attacker can pass specially crafted input to the application and execute arbitrary OS commands on the system.
Note, the vulnerability can be exploited against the Ghidra client application running as a service on a remote machine and passed untrusted input directly as a Ghidra command line argument.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Ghidra: 9.0.0 - 10.2.2
External links
http://github.com/NationalSecurityAgency/ghidra/pull/4872
http://github.com/NationalSecurityAgency/ghidra/issues/4869
http://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-cqfj-5crw-rh6p
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.