Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via...

6.7 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

Basic Information

ID CVE-2026-52753

Source VulnCheck

Published Jun 10, 2026 at 12:40

Affected Product

Vendor nationalsecurityagency

Product ghidra

Affected Versions nationalsecurityagency ghidra 0

CWE Classification

CWE-789

References

{
    "lastseen": "",
    "description": "Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.",
    "published": "2026-06-10T12:40:22.903Z",
    "modified": "2026-06-10T12:40:22.903Z",
    "type": "cve",
    "title": "Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol",
    "source": "VulnCheck",
    "references": "https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442\nhttps://www.vulncheck.com/advisories/ghidra-out-of-memory-in-rust-symbol-demangler-via-malformed-symbol",
    "id": "CVE-2026-52753",
    "bulletinFamily": "",
    "cwe": [
        "CWE-789"
    ],
    "cvelist": null,
    "sourceData": "nationalsecurityagency ghidra 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ghidra",
    "version": "0",
    "vendor": "nationalsecurityagency",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol_CVE-2026-52753