Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-49497

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References1
CVE
CVE
added 2026/06/10 12:37 p.m.42 views

CVE-2026-49497

CVE-2026-49497 concerns Ghidra before 12.1, which contains a path traversal flaw in the SameDirDebugInfoProvider. The bug arises because filenames from ELF binary .gnu_debuglink sections are not validated before file paths are built, enabling a local attacker to craft malicious ELF binaries with ...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/10 12:37 p.m.33 views

CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

4.6CVSS0.00185EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 12:37 p.m.10 views

CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:37 p.m.11 views

EUVD-2026-36006

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48408

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and lea...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References3
Rows per page
Query Builder