CVE-2024-58350
LowCVSS 2.9Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Ghidra before version 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
Risk Assessment
This vulnerability can lead to significant disruptions in system operation, including denial of service, which may affect application availability and user trust.
Recommendation
It is recommended to update Ghidra to version 11.2 or later to mitigate this vulnerability and to monitor the system for unauthorized activities.
Original NVD description (English source)
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.

