Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NSA Ghidra Auto-Analysis Annotation Command Execution
Vulnerability Description
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Ghidra Software Reverse Engineering Framework 安全漏洞
Vulnerability Description
Ghidra Software Reverse Engineering Framework是National Security Agency开源的一个软件逆向工程框架。 Ghidra Software Reverse Engineering Framework 12.0.3之前版本存在安全漏洞,该漏洞源于不当处理注释指令,可能导致任意命令执行。
CVSS Information
N/A
Vulnerability Type
N/A