Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order | Advisories

Advisories

Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order

severity: low
date: 6/10/2026
Affecting: Ghidra < 11.2
CVE: CVE-2024-58350
CWE: CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSS: 2.1
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
References: GitHub Security Advisory (GHSA-4g43-2f29-xvp4)
Credit: Bill Bierman (@wbierman)
Description: Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo