SB2023021401 - OS command injection in Ghidra

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of Potentially Dangerous Function (CVE-ID: CVE-2023-22671)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Ghidra client application on Linux and macOS uses the eval command for processing arguments passed to the launch.ch script to start the application. A remote attacker can pass specially crafted input to the application and execute arbitrary OS commands on the system.

Note, the vulnerability can be exploited against the Ghidra client application running as a service on a remote machine and passed untrusted input directly as a Ghidra command line argument.

Remediation

Install update from vendor's website.

References

• https://github.com/NationalSecurityAgency/ghidra/pull/4872
• https://github.com/NationalSecurityAgency/ghidra/issues/4869
• https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-cqfj-5crw-rh6p