8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 12 packages
  - rizinPlugins.rz-ghidra
  - cutterPlugins.rz-ghidra
  - ghidra-extensions.ret-sync
  - python313Packages.pyghidra
  - python314Packages.pyghidra
  - python312Packages.ghidra-bridge
  - python313Packages.ghidra-bridge
  - python314Packages.ghidra-bridge
  - ghidra-extensions.ghidra-firmware-utils
  - ghidra-extensions.ghidra-delinker-extension
  - ghidra-extensions.ghidraninja-ghidra-scripts
  - ghidra-extensions.ghidra-golanganalyzerextension
- @LeSuisse accepted
- @LeSuisse published on GitHub
NSA Ghidra Auto-Analysis Annotation Command Execution
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.
Affected products
- <12.0.3
Matching in nixpkgs
pkgs.ghidra
Software reverse engineering (SRE) suite of tools
Ignored packages (12)
pkgs.rizinPlugins.rz-ghidra
Deep ghidra decompiler and sleigh disassembler integration for rizin
pkgs.cutterPlugins.rz-ghidra
Deep ghidra decompiler and sleigh disassembler integration for rizin
pkgs.ghidra-extensions.ret-sync
Reverse-Engineering Tools SYNChronization. Allows syncing between a debugging session and Ghidra
- nixos-unstable 0-unstable-2024-05-29
- nixpkgs-unstable 0-unstable-2024-05-29
- nixos-unstable-small 0-unstable-2024-05-29
- nixos-25.11 0-unstable-2024-05-29
- nixos-25.11-small 0-unstable-2024-05-29
- nixpkgs-25.11-darwin 0-unstable-2024-05-29
pkgs.python313Packages.pyghidra
Native CPython for Ghidra
pkgs.python314Packages.pyghidra
Native CPython for Ghidra
pkgs.python312Packages.ghidra-bridge
Python bridge to Ghidra's Python scripting
pkgs.python313Packages.ghidra-bridge
Python bridge to Ghidra's Python scripting
pkgs.python314Packages.ghidra-bridge
Python bridge to Ghidra's Python scripting
pkgs.ghidra-extensions.ghidra-firmware-utils
Ghidra utilities for analyzing PC firmware
- nixos-unstable 2026.01.14
- nixpkgs-unstable 2026.01.14
- nixos-unstable-small 2026.01.14
- nixos-25.11 2024.04.20
- nixos-25.11-small 2024.04.20
- nixpkgs-25.11-darwin 2024.04.20
pkgs.ghidra-extensions.ghidra-delinker-extension
Ghidra extension for delinking executables back to object files
pkgs.ghidra-extensions.ghidraninja-ghidra-scripts
Scripts for the Ghidra software reverse engineering suite
- nixos-unstable 2020-10-07
- nixpkgs-unstable 2020-10-07
- nixos-unstable-small 2020-10-07
- nixos-25.11 2020-10-07
- nixos-25.11-small 2020-10-07
- nixpkgs-25.11-darwin 2020-10-07
Package maintainers
- @roblabla Robin Lambertz <robinlambertz+dev@gmail.com>
- @vringar Stefan Zabka <git@zabka.it>
- @ck3d Christian Kögler <ck3d@gmx.de>
- @Mic92 Jörg Thalheim <joerg@thalheim.io>
- @GovanifY Gauvain 'GovanifY' Roussel-Tarbouriech <gauvain@govanify.com>