Nixpkgs security tracker
4.6 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): Active (A)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): Low (L)
- Vulnerable System Impact Availability (VA): Low (L)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Active (A)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): Low (L)
- Modified Vulnerable System Impact Availability (MVA): Low (L)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.
References
-
-
https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-highvariable… third-party-advisory
Affected products
- <12.1
- ==12.1
Matching in nixpkgs
pkgs.ghidra
Software reverse engineering (SRE) suite of tools
pkgs.ghidra-bin
Software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
pkgs.rizinPlugins.rz-ghidra
Deep ghidra decompiler and sleigh disassembler integration for rizin
pkgs.cutterPlugins.rz-ghidra
Deep ghidra decompiler and sleigh disassembler integration for rizin
pkgs.ghidra-extensions.ret-sync
Reverse-Engineering Tools SYNChronization. Allows syncing between a debugging session and Ghidra
-
nixos-unstable 0-unstable-2024-05-29
- nixpkgs-unstable 0-unstable-2024-05-29
- nixos-unstable-small 0-unstable-2024-05-29
-
nixos-26.05 0-unstable-2024-05-29
- nixos-26.05-small 0-unstable-2024-05-29
- nixpkgs-26.05-darwin 0-unstable-2024-05-29
pkgs.python313Packages.pyghidra
Native CPython for Ghidra
pkgs.python314Packages.pyghidra
Native CPython for Ghidra
pkgs.python313Packages.ghidra-bridge
Python bridge to Ghidra's Python scripting
pkgs.python314Packages.ghidra-bridge
Python bridge to Ghidra's Python scripting
pkgs.ghidra-extensions.ghidra-firmware-utils
Ghidra utilities for analyzing PC firmware
-
nixos-unstable 2026.01.14
- nixpkgs-unstable 2026.01.14
- nixos-unstable-small 2026.01.14
-
nixos-26.05 2026.01.14
- nixos-26.05-small 2026.01.14
- nixpkgs-26.05-darwin 2026.01.14
pkgs.ghidra-extensions.ghidra-delinker-extension
Ghidra extension for delinking executables back to object files
pkgs.ghidra-extensions.ghidraninja-ghidra-scripts
Scripts for the Ghidra software reverse engineering suite
-
nixos-unstable 2020-10-07
- nixpkgs-unstable 2020-10-07
- nixos-unstable-small 2020-10-07
-
nixos-26.05 2020-10-07
- nixos-26.05-small 2020-10-07
- nixpkgs-26.05-darwin 2020-10-07
Package maintainers
-
@chayleaf Anna Pavlyuk <chayleaf-nix@pavluk.org>
-
@roblabla Robin Lambertz <robinlambertz+dev@gmail.com>
-
@vringar Stefan Zabka <git@zabka.it>
-
@ck3d Christian Kögler <ck3d@gmx.de>
-
@GovanifY Gauvain 'GovanifY' Roussel-Tarbouriech <gauvain@govanify.com>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@hexadecimalDinosaur Ivy Fan-Chiang <dev@ivyfanchiang.ca>
-
@jchv John Chadwick <johnwchadwick@gmail.com>
-
@timschumi Tim Schumacher <timschumi@gmx.de>
-
@spencerpogo Spencer Pogorzelski
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>