cvedb.io
CVE-2026-49495
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2026-06-10T14:16:34.360 · Last modified 2026-06-17T10:55:42.550

Summary

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryError that crashes the entire JVM and loses all unsaved work.

Affected products

nsa — ghidra

Does this affect you?

Add your gear to cvedb and we'll alert you only when nsa ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.