Vulnerability CVE-2023-22671

Vulnerability CVE-2023-22671

Published: 2023-01-06

Description:

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.

References:

https://github.com/NationalSecurityAgency/ghidra/pull/4872

https://github.com/NationalSecurityAgency/ghidra/issues/4869

Copyright 2026, cxsecurity.com