1.5 KiB
1.5 KiB
Source Evidence Summary
Swift Demangler ACE
SwiftDemanglerAnalyzer.javarestores a Swift binary directory analyzer option.SwiftNativeDemangler.javabuilds the native demangler path from the configured Swift directory.SwiftNativeDemangler.javaexecutes the native demangler with--version.SwiftNativeDemangler.javaexecutes the native demangler during symbol demangling.
TraceRMI Conditional RCE
- GDB agent
methods.pyexposesexecute(cmd). - The GDB implementation calls
gdb.execute(cmd, to_string=...). - LLDB agent
methods.pyexposesexecute(cmd). - The LLDB implementation routes the command string to the LLDB command interpreter.
- LLDB agent
methods.pyexposespyeval(expr). - The LLDB implementation calls Python
eval(expr).
These are execution-capable sinks once a TraceRMI agent channel is exposed or connected to an untrusted controller.
SevenZipJBinding Reachability
Ghidra/Features/FileFormats/build.gradledeclaressevenzipjbinding:16.02-2.01.Ghidra/Features/FileFormats/build.gradledeclaressevenzipjbinding-all-platforms:16.02-2.01.SevenZipFileSystemFactory.probeStartBytes(...)recognizes archive signatures.SevenZipFileSystemFactory.create(...)constructsSevenZipFileSystem.SevenZipFileSystem.mount(...)callsSevenZip.openInArchive(...).SevenZipCustomInitializer.initSevenZip()loads native libraries withSystem.load(...).ZipFileSystemFactory.create(...)tries the SevenZip path for ZIP handling unless built-in ZIP handling is forced.