CVE-2026-52753
Received Received - Intake
Ghidra Rust Demangler Memory Exhaustion Vulnerability

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: VulnCheck

Description
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-10
AI Q&A
2026-06-10
EPSS Evaluated
N/A
NVD
CVE-2026-52753
EUVD
EUVD-2026-36012
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nationalsecurityagency ghidra to 12.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-52753 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The primary mitigation step is to upgrade Ghidra to version 12.0.3 or later, which includes a process timeout for the GNU Demangler to prevent unbounded memory allocation and crashes.

Until the upgrade can be applied, avoid analyzing binaries with suspicious or malformed Rust symbols that could trigger the vulnerability.

Executive Summary

CVE-2026-52753 is an out-of-memory vulnerability in Ghidra versions before 12.0.3, specifically in the rust_demangle function used to process Rust symbol names.

The vulnerability arises because the function allocates output buffers without any size limits, allowing attackers to craft malicious Rust symbol names that cause exponential memory allocation.

This unbounded memory allocation can exceed 2GB, leading to process crashes during binary analysis.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) condition.

An attacker can cause Ghidra to crash by feeding it a crafted binary containing malicious Rust symbol names, which triggers excessive memory consumption.

This can disrupt binary analysis workflows, potentially causing loss of productivity or interruption of automated analysis processes.

Detection Guidance

This vulnerability can be detected by attempting to analyze binaries containing malformed Rust symbols using Ghidra's demangler_gnu CLI tool or by using fuzzing tools such as libFuzzer with AddressSanitizer to trigger the out-of-memory condition.

Specifically, feeding a crafted file (e.g., crash_input.bin) with malformed Rust symbols to the demangler_gnu CLI can reproduce the crash caused by unbounded memory allocation.

  • Use the command: ./demangler_gnu crash_input.bin to test if the tool crashes due to the vulnerability.
  • Employ fuzzing with libFuzzer and AddressSanitizer targeting the rust_demangle function to detect potential crashes.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52753. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart