
Donghwoo Cho

Rank: #28675 of 53,633
Total CVSS: 8.8
Vulnerabilities: 2 (Low: 1, Medium: 1)

PT-2026-48406 · CVSS 5.5 · 2026-06-10
Ghidra · Ghidra · CVE-2026-49495

**Name of the Vulnerable Software and Affected Versions**
Ghidra versions 10.2 through 12.0

**Description**
An uncontrolled resource consumption issue exists in the `ExportTrie.parseTrie()` function. The software lacks cycle detection when traversing Mach-O binary export tries. A specially crafted Mach-O binary containing circular references in the export trie can lead to unbounded queue growth and exponential string concatenation. This process triggers an OutOfMemoryError, which crashes the Java Virtual Machine (JVM) and results in the loss of all unsaved work.

**Recommendations**
Update to version 12.1.

PT-2026-48408 · CVSS 3.3 · 2026-06-10
Ghidra · Ghidra · CVE-2026-49497

**Name of the Vulnerable Software and Affected Versions**
Ghidra versions prior to 12.1

**Description**
A path traversal issue exists in the `SameDirDebugInfoProvider` component. The software fails to validate filenames extracted from the `.gnu_debuglink` sections of ELF binaries before constructing file paths. This allows an attacker to use malicious ELF binaries containing traversal sequences to probe for the existence of files on the filesystem and leak CRC32 hashes of arbitrary files during automatic DWARF analysis (a process used to read debugging information from binaries).

**Recommendations**
Update to version 12.1 or later.
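
One way to perform the filename validation that the `SameDirDebugInfoProvider` entry describes as missing, shown as an added example that is not Ghidra's code or its 12.1 fix. The class `DebugLinkNameCheck`, the method `resolveSameDir`, and the sample directory and names are hypothetical.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

// Added example: hypothetical helper, not Ghidra's SameDirDebugInfoProvider code.
public class DebugLinkNameCheck {

    // Returns the candidate debug file only if the debuglink name is a plain
    // file name that resolves to a direct child of the binary's directory.
    static Optional<Path> resolveSameDir(Path binaryDir, String debugLinkName) {
        if (debugLinkName == null || debugLinkName.isEmpty()
                || debugLinkName.equals(".") || debugLinkName.equals("..")
                || debugLinkName.indexOf('/') >= 0
                || debugLinkName.indexOf('\\') >= 0
                || debugLinkName.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        try {
            Path base = binaryDir.toAbsolutePath().normalize();
            Path candidate = base.resolve(debugLinkName).normalize();
            // Defence in depth: the result must still sit directly in base.
            if (!base.equals(candidate.getParent())) {
                return Optional.empty();
            }
            return Optional.of(candidate);
        } catch (InvalidPathException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        Path dir = Paths.get("/tmp/import"); // constructed sample directory
        String[] names = {                   // constructed sample debuglink values
            "libfoo.so.debug", "../../etc/passwd", "/etc/shadow",
            "sub/dir.debug", "..\\secret", ".."
        };
        for (String n : names) {
            Optional<Path> p = resolveSameDir(dir, n);
            // Only a validated path may reach existence checks or CRC32 hashing.
            System.out.printf("%-20s -> %s%n", n,
                p.map(Path::toString).orElse("rejected"));
        }
    }
}
```

Rejecting the name before any filesystem access matters here because the entry describes both the existence check and the CRC32 computation as the leak channels.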