CVE-2026-52753

Summary

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

Affected Software

VendorProductVersion RangeStatus
nationalsecurityagencyghidra0 < 12.0.3affected
nationalsecurityagencyghidra12.0.3unaffected

Weaknesses

  • CWE-789: Memory Allocation with Excessive Size Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References