CVE Catalog

CVE-2026-52753

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile — higher than 2% of all known CVEs

Summary

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

Risk Assessment

This vulnerability may lead to process crashes during binary analysis, affecting the availability of the Ghidra tool within the organization. It could also allow attackers to perform Denial of Service (DoS) attacks.

Recommendation

It is recommended to update Ghidra to version 12.0.3 or later to mitigate this vulnerability. Additionally, monitoring and restricting input data can help minimize the risk of exploitation.

Original NVD description (English source)

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS