CVE-2019-17664

Name of the Vulnerable Software and Affected Versions NSA Ghidra versions prior to 9.0.5

Description The issue arises when NSA Ghidra is executed from a specific path, causing the Java process working directory to be set to that path. Upon launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra attempts to execute the cmd.exe program from this working directory, potentially using an untrusted search path.

Recommendations For NSA Ghidra versions prior to 9.0.5, consider updating to version 9.0.5 or later to resolve the issue. As a temporary workaround, avoid launching Ghidra from untrusted paths to minimize the risk of exploitation. Restrict access to the Python interpreter option in Ghidra until the issue is resolved.