Connect with us

Hi, what are you looking for?



Code Execution Vulnerability Impacts NSA Reverse Engineering Tool

Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.

Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.

Developed by the NSA’s Research Directorate for the agency’s cybersecurity missions, Ghidra is designed to help with malware analysis. The framework supports multiple platforms, including Windows, macOS, and Linux, and was released in open source earlier this year.

At the end of September, security researchers discovered a vulnerability in the tool that could allow an attacker to execute arbitrary code within the context of the affected application.

Tracked as CVE-2019-16941, the security flaw has a CVSS score of 9.8 and is considered “critical severity.”

The vulnerability only triggers when experimental mode is enabled. The issue exists in the Read XML Files feature of Bit Patterns Explorer and can be exploited using modified XML documents, according to an advisory in the National Vulnerability Database (NVD).

“This occurs in Features/BytePatterns/src/ main/java/ghidra/bitpatterns/info/ An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call),” the advisory reads.

The NSA, on the other hand, posted on Twitter that, given the conditions necessary for exploitation are rare, the vulnerability is not a serious issue, as long as the Ghidra user does not accept XMLs from unknown sources.

Advertisement. Scroll to continue reading.

The agency also revealed that a patch has been released for all those who build Ghidra themselves from the master branch. The fix will be included in the Ghidra 9.1 release, which is currently in beta testing.

Related: NSA Releases Reverse Engineering Tool’s Source Code

Related: Cisco Releases GhIDA and Ghidraaas Tools for IDA Pro

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.