漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
Vulnerability Description
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
National Security Agency Ghidra 路径遍历漏洞
Vulnerability Description
National Security Agency Ghidra是美国国家安全局(National Security Agency)的一款软件逆向工程(SRE)框架。 National Security Agency Ghidra 12.1之前版本存在路径遍历漏洞,该漏洞源于SameDirDebugInfoProvider在从ELF二进制.gnu_debuglink部分构建文件路径前未验证文件名,攻击者可制作包含遍历序列的恶意ELF二进制文件,在自动DWARF分析期间探测文件系统存在性并泄露任意文件的CRC
CVSS Information
N/A
Vulnerability Type
N/A