CVE-2023-22671

Published January 6th, 2023

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.

NationalSecurityAgency/ghidra

Ghidra is a software reverse engineering (SRE) framework

GitHub

69.6K