CVE-2023-22671 Information

Description

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval leading to command injection when calling analyzeHeadless with untrusted input.
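The class of defect described above, as an added illustration that is not Ghidra's launch.sh and not code from the linked pull request: a launcher that flattens its arguments into a string and hands it to `eval` has the shell parse argument values a second time, while forwarding `"$@"` keeps each value as data. The function names, `target_cmd` and the sample arguments are hypothetical and constructed for this example.

```sh
#!/bin/sh
# Added illustration of eval-based argument handling versus quoted forwarding.
# target_cmd is a hypothetical stand-in for the program a launcher starts;
# it prints how many arguments it received.
target_cmd() { printf '%s\n' "$#"; }

# Weak pattern: arguments are joined into one string and re-parsed by eval,
# so shell syntax inside an argument value is interpreted.
launch_with_eval() {
    eval "target_cmd $*"
}

# Hardened pattern: arguments are forwarded as separate words with no second
# parse, so their contents are never treated as shell syntax.
launch_quoted() {
    target_cmd "$@"
}

# Runs the launcher named in $1 with a constructed argument that embeds a
# command substitution. Returns 0 if the embedded command ran (marker file
# created), 1 if the argument was passed through as plain data.
side_effect_seen() {
    dir=$(mktemp -d) || return 2
    marker="$dir/marker"
    "$1" 'sample.bin' "\$(touch $marker)" >/dev/null 2>&1
    if [ -e "$marker" ]; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

for launcher in launch_with_eval launch_quoted; do
    if side_effect_seen "$launcher"; then
        echo "$launcher: embedded command executed"
    else
        echo "$launcher: argument treated as data"
    fi
done
```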

Reference

https://github.com/NationalSecurityAgency/ghidra/pull/4872
https://github.com/NationalSecurityAgency/ghidra/issues/4869
