CVE-2026-52753

Analyzed Analyzed - Analysis Complete

Ghidra Rust Demangler Memory Exhaustion Vulnerability

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: VulnCheck

Description

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-10

Last Modified

2026-06-11

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-29

NVD

CVE-2026-52753

EUVD

EUVD-2026-36012

Affected Vendors & Products

Vendor	Product	Version / Range
nsa	ghidra	to 12.0.3 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-789	The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

Mitigation Strategies

The primary mitigation step is to upgrade Ghidra to version 12.0.3 or later, which includes a process timeout for the GNU Demangler to prevent unbounded memory allocation and crashes.

Until the upgrade can be applied, avoid analyzing binaries with suspicious or malformed Rust symbols that could trigger the vulnerability.

Executive Summary

CVE-2026-52753 is an out-of-memory vulnerability in Ghidra versions before 12.0.3, specifically in the rust_demangle function used to process Rust symbol names.

The vulnerability arises because the function allocates output buffers without any size limits, allowing attackers to craft malicious Rust symbol names that cause exponential memory allocation.

This unbounded memory allocation can exceed 2GB, leading to process crashes during binary analysis.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) condition.

An attacker can cause Ghidra to crash by feeding it a crafted binary containing malicious Rust symbol names, which triggers excessive memory consumption.

This can disrupt binary analysis workflows, potentially causing loss of productivity or interruption of automated analysis processes.

Detection Guidance

This vulnerability can be detected by attempting to analyze binaries containing malformed Rust symbols using Ghidra's demangler_gnu CLI tool or by using fuzzing tools such as libFuzzer with AddressSanitizer to trigger the out-of-memory condition.

Specifically, feeding a crafted file (e.g., crash_input.bin) with malformed Rust symbols to the demangler_gnu CLI can reproduce the crash caused by unbounded memory allocation.

Use the command: ./demangler_gnu crash_input.bin to test if the tool crashes due to the vulnerability.
Employ fuzzing with libFuzzer and AddressSanitizer targeting the rust_demangle function to detect potential crashes.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-52753 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Hi! I’m here to help you understand CVE-2026-52753. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70