The ghidra port is still on 9.1 while the current version is 10.1.1. It is easy to gain remote code execution in ghidra by loading a malicious binary, which is the main use-case for ghidra.
Doesn't this affect only Windows systems? https://github.com/NationalSecurityAgency/ghidra/issues/286 Cheers.
I was talking about Log4Shell, here's a proof of concept https://github.com/zhuowei/GhidraLog4Shell. But 9.1 is still an older version, even if you ignore the security vulnerabilities.
(In reply to Cameron Katri from comment #2) Absolutely. Just it might not be as important having an outdated port than having an outdated port that poses a security risk. Thanks for the report.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2ea61fba9e948f627fd88f2318d82b20741f775d commit 2ea61fba9e948f627fd88f2318d82b20741f775d Author: Tilman Keskinoz <arved@FreeBSD.org> AuthorDate: 2024-02-06 21:22:24 +0000 Commit: Tilman Keskinoz <arved@FreeBSD.org> CommitDate: 2024-02-06 21:26:10 +0000 devel/ghidra: Mark FORBIDDEN contains a RCE PR: 260854 Submitted by: Cameron Katri Security: https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-j3xg-fc2p-4jc4 devel/ghidra/Makefile | 1 + 1 file changed, 1 insertion(+)
Since there hasn't been any interest in updating the port to the latest version, I have marked it FORBBIDDEN