CVE-2019-16941 — CRITICAL (9.8)

Q: How severe is CVE-2019-16941?

CVE-2019-16941 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-16941?

Check the references section above for vendor advisories and patch information. Affected products include: Nsa Ghidra.

Vulnerability Description

NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nsa	Ghidra	<= 9.0.4

Related Weaknesses (CWE)

CWE-91

References

FAQ

What is CVE-2019-16941?

CVE-2019-16941 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in...

How severe is CVE-2019-16941?

CVE-2019-16941 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-16941?

Check the references section above for vendor advisories and patch information. Affected products include: Nsa Ghidra.