Vulnerability CVE-2019-13625


Published: 2019-07-16   Modified: 2019-07-17

Description:
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.

Type:
CWE-611 (Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:C/A:C)

CVSS Base Score: 9.4/10
Impact Subscore: 9.2/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Complete
Availability impact: Complete

Affected software:
NSA -> Ghidra

References:
http://blog.fxiao.me/ghidra/
https://github.com/NationalSecurityAgency/ghidra/issues/71
https://xlab.tencent.com/en/2019/03/18/ghidra-from-xxe-to-rce/
