Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
Description (CVE.org)
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryError that crashes the entire JVM and loses all unsaved work.
Analysis (AI)
Uncontrolled resource consumption in Ghidra's Mach-O binary parser (versions 10.2 through pre-12.1) allows a crafted binary to crash the entire JVM and destroy all unsaved analyst work. The ExportTrie.parseTrie() method lacks cycle detection when walking export trie structures, so a malicious Mach-O binary embedding circular trie references triggers unbounded queue growth and exponential string concatenation until an OutOfMemoryError terminates the JVM process. …
Vulnerability Assessment (AI)
| Exploitation | The analyst must actively open a crafted Mach-O binary file within an affected Ghidra instance (versions 10.2 through pre-12.1) - this is confirmed by CVSS UI:A (active user interaction required) and AV:L (local attack vector). … |
| Risk Assessment | CVSS 4.0 scores this at 6.7 with vector AV:L/AC:L/AT:N/PR:N/UI:A/VA:H. … |
| Exploit Scenario | An attacker crafts a Mach-O binary (e.g., a fake macOS dylib or executable) containing a deliberately circular export trie, where one or more trie nodes reference ancestor nodes, then submits it to a target security researcher as a sample for analysis - via email, a bug bounty submission, a malware-sharing platform, or a poisoned open-source package. When the researcher opens the file in an unpatched Ghidra instance, ExportTrie.parseTrie() enters an unbounded loop, memory is exhausted within seconds to minutes depending on heap size, and the JVM crashes, destroying hours of unsaved reverse-engineering work. … |
| Remediation | The primary fix is upgrading to Ghidra 12.1 or later, which introduces cycle detection in the ExportTrie.parseTrie() method. … |
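
An added example, not Ghidra's code and not the 12.1 patch: a Python pre-screen that walks a Mach-O export trie blob with the visited-offset check the description says ExportTrie.parseTrie() lacked. The function names, the choice to reject any offset reached twice, and both sample tries are assumptions constructed for this illustration; extracting the trie bytes from a Mach-O file is left out.

```python
class TrieError(ValueError):
    """Raised when the export trie is malformed."""

def read_uleb128(buf, pos):
    """Decode one ULEB128 value at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf) and shift < 64:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise TrieError("truncated or oversized ULEB128")

def walk_export_trie(trie):
    """Return exported names; raise TrieError on cycles or bad offsets."""
    names, visited, pending = [], set(), [(0, b"")]
    while pending:
        offset, prefix = pending.pop()
        if offset >= len(trie):
            raise TrieError(f"node offset {offset:#x} is outside the trie")
        if offset in visited:  # cycle detection: each node is parsed once
            raise TrieError(f"node offset {offset:#x} reached twice")
        visited.add(offset)
        terminal_size, pos = read_uleb128(trie, offset)
        if terminal_size:  # non-zero terminal payload marks an export
            names.append(prefix.decode("ascii", "replace"))
        pos += terminal_size  # skip the flags/address payload
        if pos >= len(trie):
            raise TrieError("node runs past end of trie")
        child_count = trie[pos]
        pos += 1
        for _ in range(child_count):
            end = trie.find(b"\0", pos)  # edge labels are NUL-terminated
            if end < 0:
                raise TrieError("unterminated edge label")
            label = trie[pos:end]
            child_offset, pos = read_uleb128(trie, end + 1)
            pending.append((child_offset, prefix + label))
    return names

def is_trie_safe(trie):
    """True if the whole trie parses without a cycle or bad offset."""
    try:
        walk_export_trie(trie)
        return True
    except TrieError:
        return False

# Constructed samples: root -> "_a" -> terminal node, and root -> "_a" -> root.
BENIGN = bytes.fromhex("00015f610006" "02001000")
CYCLIC = bytes.fromhex("00015f610000")
```

Because every offset is parsed at most once, the work and the pending list are bounded by the size of the trie regardless of how the child offsets are arranged.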
EUVD-2026-36004