CVE-2019-13623
Summary
| CVE | CVE-2019-13623 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-17 03:15:00 UTC |
| Updated | 2019-11-12 13:15:00 UTC |
| Description | In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ghidra: Release Notes | CONFIRM | ghidra-sre.org | |
| Ghidra (Linux) 9.0.4 Arbitrary Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Arbitrary code execution through loading a malicious project · Issue #789 · NationalSecurityAgency/ghidra · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| Do Not Trust! Ghidra Arbitrary Command Execution Through Project Sharing | Feng's Blog | MISC | blog.fxiao.me | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.