Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
Exploitability
AV:LAC:LAT:NPR:NUI:AVulnerable System
VC:NVI:NVA:HSubsequent System
SC:NSI:NSA:N6.7/CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NOther