CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

CVE-2026-52753

Ghidra

CLSA-2026-1779218750 gcc: Fix of 2 CVEs

CVE-2021-3826: fix buffer overflow in dlanglname function to prevent denial of service - CVE-2021-46195: fix infinite recursion in rust demangler to prevent denial of service...

MiracleLinux 9 : gdb-10.2-11.el9 (AXSA:2023-6781:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6781:02 advisory. libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 Tenable has extracted the preceding description block directly...

GNU BinUtils 安全漏洞

GNU BinUtils is a collection of programming tools for working with binary files from the US GNU community. A security vulnerability exists in GNU BinUtils version 2.26, which stems from the improper handling of specially crafted PE files by the dunqualifiedname function in the cp-demangle.c file,...

EUVD-2017-5233

Malware in sbrugna...

EUVD-2016-7065

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-6131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of...

CVE-2023-40022

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

SUSE CVE-2016-6131

The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of remembered mangled types...

SUSE CVE-2017-13716

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted file, as demonstrated by a call from the Binary File Descriptor BFD library aka...

SUSE CVE-2018-9138

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglenestedargs, demangleargs, doarg, and dotype...

ALPINE-CVE-2018-20712

A heap-based buffer over-read exists in the function dexpression1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt...

llvm/llvm-microsoft-demangle-fuzzer: Global-buffer-overflow in llvm::ms_demangle::Demangler::demangleFunctionIdentifierCode

Project: https://github.com/llvm/llvm-project.git Detailed report: https://oss-fuzz.com/testcase?key=5696128606011392 Project: llvm Fuzzer: libFuzzerllvmllvm-microsoft-demangle-fuzzer Fuzz target binary: llvm-microsoft-demangle-fuzzer Job Type: libfuzzerasanllvm Platform Id: linux Crash Type:...

DEBIAN-CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplusdemangletype, dbarefunctiontype,...

UBUNTU-CVE-2018-12641

An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...

CVE-2017-13716

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted file, as demonstrated by a call from the Binary File Descriptor BFD library aka...