Home

Description

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.

PUBLISHED Reserved 2026-05-31 | Published 2026-06-10 | Updated 2026-06-10 | Assigner VulnCheck




MEDIUM: 4.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

Any version before 12.1
affected

12.1 (custom)
unaffected

Credits

Donghwoo Cho reporter

References

github.com/...ghidra/security/advisories/GHSA-57g6-7qw2-p5hx (GitHub Security Advisory (GHSA-57g6-7qw2-p5hx)) vendor-advisory

www.vulncheck.com/...in-dwarf-external-debug-file-resolution third-party-advisory

cve.org (CVE-2026-49497)

nvd.nist.gov (CVE-2026-49497)

Download JSON