Vulnerability DatabaseCVE-2024-58350
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-58350
Published:June 10, 2026
Updated:June 28, 2026
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
Affected Packages
https://github.com/NationalSecurityAgency/ghidra.git (GITHUB):
Affected version(s) >=Ghidra_10.2_build <Ghidra_11.2_build
Fix Suggestion:
Update to version Ghidra_11.2_build
Related Resources (2)
https://www.vulncheck.com/advisories/ghidra-use-after-free-in-sleigh-backend-via-static-initialization-order
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-4g43-2f29-xvp4
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE-758
EPSS
Base Score:
0.11