Lucene search

K

GoogleOSV:USN-6258-1

HistoryJul 27, 2023 - 7:48 a.m.

llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities

2023-07-2707:48:23

Google

osv.dev

5

llvm toolchain

memory management

mlir file

denial of service

cve-2023-29932

cve-2023-29934

cve-2023-29939

cve-2023-29933

software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)

References

ubuntu.com/security/CVE-2023-29932

ubuntu.com/security/CVE-2023-29933

ubuntu.com/security/CVE-2023-29934

ubuntu.com/security/CVE-2023-29939

ubuntu.com/security/notices/USN-6258-1

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

Related for OSV:USN-6258-1

nessus1 ubuntu1 cloudfoundry1 openvas1 nvd4 debiancve4 cve4 prion4 ubuntucve4 cvelist4 redhatcve3 osv4 cbl_mariner1