In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module.
References
| Link | Resource |
|---|---|
| http://blog.fxiao.me/ghidra/ | Exploit Third Party Advisory |
| http://packetstormsecurity.com/files/154015/Ghidra-Linux-9.0.4-Arbitrary-Code-Execution.html | |
| https://ghidra-sre.org/releaseNotes_9.1_final.html | |
| https://github.com/NationalSecurityAgency/ghidra/issues/789 | Exploit Third Party Advisory |
| http://blog.fxiao.me/ghidra/ | Exploit Third Party Advisory |
| http://packetstormsecurity.com/files/154015/Ghidra-Linux-9.0.4-Arbitrary-Code-Execution.html | |
| https://ghidra-sre.org/releaseNotes_9.1_final.html | |
| https://github.com/NationalSecurityAgency/ghidra/issues/789 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:25
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://blog.fxiao.me/ghidra/ - Exploit, Third Party Advisory | |
| References | () http://packetstormsecurity.com/files/154015/Ghidra-Linux-9.0.4-Arbitrary-Code-Execution.html - | |
| References | () https://ghidra-sre.org/releaseNotes_9.1_final.html - | |
| References | () https://github.com/NationalSecurityAgency/ghidra/issues/789 - Exploit, Third Party Advisory |
Information
Published : 2019-07-17 03:15
Updated : 2024-11-21 04:25
NVD link : CVE-2019-13623
Mitre link : CVE-2019-13623
CVE.ORG link : CVE-2019-13623
JSON object : View
Products Affected
nsa
- ghidra
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')