12 matches found
CVE-2022-44318
CVE-2022-44318 affects PicoC 3.2.2, with a heap buffer overflow in the StringStrcat function (stdlib/string.c) when invoked via ExpressionParseFunctionCall. Root cause: improper handling during string concatenation leading to a heap overflow. Impact stated as availability-related (HIGH) in CVSS d...
CVE-2022-34556
PicoC 3.2.2 contains a NULL pointer dereference in variable.c, causing crashes (denial of service potential). The CVE entry notes PicoC v3.2.2 as vulnerable due to a NULL dereference; Red Hat and CNVD/CNNVD entries reiterate the issue. A dedicated exploit demonstrating the NULL pointer dereferenc...
CVE-2022-44316
PicoC 3.2.2 is affected by a heap buffer overflow in LexGetStringConstant (lex.c) when invoked via LexScanGetToken. This CVE (CVE-2022-44316) is documented across multiple sources (NVD, Red Hat, OSV, CNNVD, etc.). The issue arises within the LexGetStringConstant routine and results in a high impa...
CVE-2022-44317
CVE-2022-44317 affects PicoC 3.2.2. A heap buffer overflow occurs in the StdioOutPutc function in stdlib/stdio.c when called from ExpressionParseFunctionCall. CVSS metrics in the initial record show a base score of 5.5 (Medium) with LOCAL attack vector, LOW attack complexity, no privileges requir...
CVE-2022-44320
PicoC 3.2.2 contains a heap buffer overflow in the ExpressionCoerceFP function (expression.c) when called from ExpressionParseFunctionCall. Root cause: overflow in heap handling within the interpreter’s expression parsing. Reported impact includes availability impact (possible crash) with CVSS: L...
CVE-2022-44319
PicoC 3.2.2 is affected by a heap buffer overflow in StdioBasePrintf (stdlib/string.c) triggered when called via ExpressionParseFunctionCall. Documented impact and details: CVE-2022-44319 with CVSS v3.1 metrics showing a local attacker can cause high availability impact; base score 5.5 (Medium), ...
CVE-2022-44315
CVE-2022-44315 affects PicoC 3.2.2. The vulnerability is a heap buffer overflow in ExpressionAssign (expression.c) when invoked via ExpressionParseFunctionCall. The provided documents describe the issue’s root cause and affected component but do not provide a patch version or remediation steps. P...
CVE-2022-44321
The CVE-2022-44321 entry covers a heap buffer overflow in PicoC 3.2.2, occurring in LexSkipComment (lex.c) when invoked via LexScanGetToken. This is a local issue (AV:L, AC:L, PR:N, UI:R) with a Medium base score (5.5) and Availability impact listed as High; exploitation status is not provided in...
CVE-2022-44312
CVE-2022-44312 affects PicoC version 3.2.2, with a heap buffer overflow in the ExpressionCoerceInteger function (expression.c) when invoked via ExpressionInfixOperator. The issue is documented across multiple sources and has a CVSSv3.1 base score of 5.5 (Medium, Local, Availability impact). A pat...
CVE-2022-44313
CVE-2022-44313 affects PicoC 3.2.2 with a heap buffer overflow in ExpressionCoerceUnsignedInteger (expression.c) when invoked via ExpressionParseFunctionCall. Public details shown in multiple sources indicate Local access, Low attack complexity, User interaction required, and Availability impact ...
CVE-2022-44314
PicoC 3.2.2 contains a heap buffer overflow in StringStrncpy in cstdlib/string.c when invoked via ExpressionParseFunctionCall. Descriptions across multiple sources indicate this boundary/overflow can be triggered by processing untrusted input, with the consequence described as a denial of service...
CVE-2019-16277
PicoC 2.1 is affected by CVE-2019-16277 due to a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when invoked from ExpressionParseFunctionCall in expression.c. The Red Hat entry confirms impact on PicoC 2.1; other references consistently describe the same issue. No exploit or mitig...