admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-12 13:01:46 +00:00
parent 1a4b4b621f
commit a3f7574823
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2019/13xxx/CVE-2019-13623.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module."
"value": "In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154015/Ghidra-Linux-9.0.4-Arbitrary-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154015/Ghidra-Linux-9.0.4-Arbitrary-Code-Execution.html"
},
{
"refsource": "CONFIRM",
"name": "https://ghidra-sre.org/releaseNotes_9.1_final.html",
"url": "https://ghidra-sre.org/releaseNotes_9.1_final.html"
}
]
}