Researcher Says NSA’s Ghidra Tool Can Be Used for RCE

[maruf.swe]

Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.

Ghidra, a free, open-source software reverse-engineering tool that was released by the National Security Agency at RSA, has been found to be a potential conduit to remote code-execution.

Ghidra is a disassembler written in Java; software that breaks down executable files into assembly code that can then be analyzed. By deconstructing malicious code and malware, cybersecurity professionals can gain a better understanding of potential vulnerabilities in their networks and systems. The NSA has used it internally for years, and recently decided to open-source it.

For More Details : https://threatpost.com/nsa-ghidra-bug-rce/142937/