Description
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
Published: 2026-06-10
Score: 6.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑memory condition in Ghidra’s rust_demangle function. That function allocates output buffers without any upper bound, permitting an attacker to craft a malicious Rust symbol name that causes exponential memory usage. When Ghidra processes a binary containing such a symbol, the demangler will exhaust system RAM and the Ghidra process will crash, interrupting analysis.

Affected Systems

National Security Agency’s Ghidra releases prior to version 12.0.3 are affected. Any installation of Ghidra 12.0.2 or earlier, on any operating system supported by Ghidra, uses the vulnerable demangle implementation.

Risk and Exploitability

The CVSS score of 6.7 indicates a moderate severity impact. No EPSS score is publicly available, so the current exploitation probability is unknown. The vulnerability is not listed in CISA‑KEV, suggesting no confirmed public exploits. An attacker would need to supply or force Ghidra to analyze a binary that contains a specially crafted Rust symbol. Successful exploitation would result in a denial of service for the analyst or automated pipeline that is processing the binary.

Generated by OpenCVE AI on June 10, 2026 at 14:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ghidra to version 12.0.3 or later to eliminate the vulnerable demangler.
  • If an upgrade cannot be performed immediately, avoid analyzing binaries that contain Rust symbols until the patch is applied.
  • Disable automatic symbol demangling in Ghidra’s preferences (if available) to prevent the vulnerable demangler from executing.

Generated by OpenCVE AI on June 10, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
Title Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
First Time appeared Nsa
Nsa ghidra
Weaknesses CWE-789
CPEs cpe:2.3:a:nsa:ghidra:*:*:*:*:*:*:*:*
Vendors & Products Nsa
Nsa ghidra
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nsa Ghidra
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-10T15:14:49.424Z

Reserved: 2026-06-08T15:20:09.274Z

Link: CVE-2026-52753

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T14:16:35.470

Modified: 2026-06-10T14:16:35.470

Link: CVE-2026-52753

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T15:00:13Z

Weaknesses