CVE-2019-16941

Published: 28/09/2019 Updated: 04/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

NSA Ghidra up to and including 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).

Vulnerable Product

nsa ghidra

Github Repositories

PoC for CVE-2019-16941

CVE-2019-16941 Proof-of-Concept: The vulnerability requires multiple and relatively improbable conditions in order to get triggered, a fact that limits its exploitability. However, it takes little effort and understanding to prepare a payload, given the fact that it can result in arbitrary code execution. Creating the payload: In order to create a payload for the target to ru

Recent Articles

A Nord VPN bug, a(nother) bad Microsoft patch, Zynga data farmed out, and more
The Register • Shaun Nichols in San Francisco • 05 Oct 2019

Plus, NSA's Ghidra found to contain faulty code

Roundup Here's the latest security news in handy digest form of stories you may have missed over the last week. Reg reader Tony H writes in to tell us of an interesting security bug that arises when running NordVPN in tandem with the Cloudflare 1.1.1.1 WARP service in iOS. The end result is a connection that looks to be protected by NordVPN, but in reality it is completely exposed. Here's how it works: The user first connects to 1.1.1.1 with Warp, then disables the app without turning off Warp. ...