CVE-2026-52753
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
Risk Assessment
This vulnerability may lead to process crashes during binary analysis, affecting the availability of the Ghidra tool within the organization. It could also allow attackers to perform Denial of Service (DoS) attacks.
Recommendation
It is recommended to update Ghidra to version 12.0.3 or later to mitigate this vulnerability. Additionally, monitoring and restricting input data can help minimize the risk of exploitation.
Original NVD description (English source)
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

