cvedb.io
CVE-2024-58350
LOW · CVSS 2.9
EPSS exploitation probability: 0%
Published 2026-06-10T14:16:28.893 · Last modified 2026-07-14T23:17:18.293

Summary

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.

Affected products

nsa — ghidra

Does this affect you?

Add your gear to cvedb and we'll alert you only when nsa ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.