CVE-2026-52753
MEDIUM
Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
Title source: cna
Description
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
References (2)
Core References
Vendor Advisory
GitHub Security Advisory (GHSA-m94m-fqr3-x442)
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442
Third Party Advisory
https://www.vulncheck.com/advisories/ghidra-out-of-memory-in-rust-symbol-demangler-via-malformed-symbol
Scores
CVSS v3: 5.5
EPSS: 0.0011
EPSS Percentile: 1.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-789
Status: published
Products (3)
nationalsecurityagency/ghidra: < 12.0.3
nationalsecurityagency/ghidra: 12.0.3
nsa/ghidra: < 12.0.3
Published: Jun 10, 2026
Tracked Since: Jun 10, 2026