42 matches found
CVE-2026-49496
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
CVE-2024-58350
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
CVE-2026-49496 Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
EUVD-2026-36005
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
CVE-2024-58350 Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
EUVD-2024-55616
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
CVE-2024-58350
Ghidra prior to 11.2 contains a use-after-free in the Sleigh backend caused by undefined static initialization order of SleighArchitecture::translators and XmlArchitectureCapability singletons. This can enable an attacker to trigger an infinite loop or denial of service during shutdown due to uns...
CVE-2024-58350 Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
National Security Agency Ghidra 安全漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 11.2 contained security vulnerabilities. These vulnerabilities were caused by an undefined static initialization...
PT-2026-48407
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
PT-2026-48402
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
Malicious Package
Overview elf-stats-aurora-sleigh-694 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in elf-stats-nutmeg-sleigh-350 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4e43446814eeb05f58979f02ff96534374a9f069055bcc5f5f97425254b0817 The package elf-stats-nutmeg-sleigh-350 was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192538 Malicious code in elf-stats-tinsel-sleigh-669 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea0f6663d5e999d515c8873ef2ea13aeeac00025c4aceaa81a2b5178991461be The package elf-stats-tinsel-sleigh-669 was found to contain malicious code...
EUVD-2025-202839
Malicious code in elf-stats-aurora-sleigh-694 npm...
EUVD-2025-202810
Malicious code in elf-stats-festive-sleigh-368 npm...
MAL-2025-192499 Malicious code in elf-stats-festive-sleigh-368 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f1f4d8617d9417b57ac5d906d1d72bec6c8f342444d3aefcc2681d4f56ebcbe The package elf-stats-festive-sleigh-368 was found to contain malicious code...
EUVD-2025-202771
Malicious code in elf-stats-tinsel-sleigh-669 npm...
Malicious code in elf-stats-aurora-sleigh-694 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34711b753b62675e9bbb1491241713eeb1b612d1f1fab7a769a70c1105afc8f9 The package elf-stats-aurora-sleigh-694 was found to contain malicious code. Source: ghsa-malware...
Malicious code in elf-stats-festive-sleigh-368 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f1f4d8617d9417b57ac5d906d1d72bec6c8f342444d3aefcc2681d4f56ebcbe The package elf-stats-festive-sleigh-368 was found to contain malicious code...