Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2024-58350— Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order

CVSS 2.9 · Low EPSS 0.11% · P2

Affected Version Matrix 2

VendorProductVersion RangeStatus
nationalsecurityagencyghidra< 11.2affected
11.2unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-58350

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
依赖未定义、未指明或实现定义的行为
Source: NVD (National Vulnerability Database)
Vulnerability Title
National Security Agency Ghidra 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
National Security Agency Ghidra是美国国家安全局(National Security Agency)的一款软件逆向工程(SRE)框架。 National Security Agency Ghidra 11.2之前版本存在安全漏洞,该漏洞源于Sleigh后端中SleighArchitecture::translators和XmlArchitectureCapability单例的未定义静态初始化顺序导致的释放后重用,攻击者可通过利用不安全的销毁顺序触发无限循环或拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nationalsecurityagencyghidra 0 ~ 11.2 -

II. Public POCs for CVE-2024-58350

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-58350

登录查看更多情报信息。

Vendor Advisories for CVE-2024-58350 (2)

Same Patch Batch · nationalsecurityagency · 2026-06-10 · 14 CVEs total

CVE-2026-527518.8 HIGHGhidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project
CVE-2026-527588.8 HIGHGhidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search
CVE-2026-527548.8 HIGHGhidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
CVE-2026-494988.8 HIGHGhidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username
CVE-2026-527557.8 HIGHGhidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import
CVE-2026-527507.8 HIGHGhidra < 12.1- Command Injection via URL Annotation Click
CVE-2026-527527.8 HIGHGhidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
CVE-2026-494966.1 MEDIUMGhidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallo
CVE-2026-527535.5 MEDIUMGhidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
CVE-2026-494955.5 MEDIUMGhidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser
CVE-2026-527564.8 MEDIUMGhidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
CVE-2026-527574.4 MEDIUMGhidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation
CVE-2026-494973.3 LOWGhidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

IV. Related Vulnerabilities

Same product: ghidra
Same vendor: nationalsecurityagency
Same weakness: CWE-758

V. Comments for CVE-2024-58350

No comments yet

Leave a comment