CVE Catalog

CVE-2024-58350

LowCVSS 2.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile — higher than 2% of all known CVEs

Summary

Ghidra before version 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.

Risk Assessment

This vulnerability can lead to significant disruptions in system operation, including denial of service, which may affect application availability and user trust.

Recommendation

It is recommended to update Ghidra to version 11.2 or later to mitigate this vulnerability and to monitor the system for unauthorized activities.

Original NVD description (English source)

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS