CVE-2019-16941

Name of the Vulnerable Software and Affected Versions NSA Ghidra versions prior to 9.0.5

Description The issue allows for arbitrary code execution when the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document, specifically in the context of the Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java file. This can occur when an XML document, originally created by DumpFunctionPatternInfoScript, is directly modified by an attacker to execute malicious code, such as making a java.lang.Runtime.exec call.

Recommendations For NSA Ghidra versions prior to 9.0.5, update to version 9.0.5 or later to resolve the issue. As a temporary workaround, consider disabling the experimental mode or restricting the use of the Read XML Files feature in Bit Patterns Explorer until a patch is applied. Avoid using modified XML documents with the Bit Patterns Explorer feature until the issue is resolved.