Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-atfc-rgw3-9qg6
SummaryGhidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.
Aliases
0
alias CVE-2026-52757
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-52757
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02276
published_at 2026-06-11T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.01987
published_at 2026-06-14T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01978
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-52757
1
reference_url https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-highvariable-merge-during-decompilation
reference_id ghidra-heap-use-after-free-in-highvariable-merge-during-decompilation
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-10T16:19:56Z/
url https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-highvariable-merge-during-decompilation
2
reference_url https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8jqp-qv73-395r
reference_id GHSA-8jqp-qv73-395r
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-10T16:19:56Z/
url https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8jqp-qv73-395r
Weaknesses
0
cwe_id 416
name Use After Free
description Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Exploits
Severity_range_score4.4 - 4.6
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-atfc-rgw3-9qg6