CVE-2026-52753

MEDIUM NVD

CVSS Score 5.5

Severity MEDIUM

Published Jun 10, 2026

Vendor unknown

Description

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

References

https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442
https://www.vulncheck.com/advisories/ghidra-out-of-memory-in-rust-symbol-demangler-via-malformed-symbol
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442