Lucene search

Ubuntu.comUB:CVE-2024-37794

HistoryJun 17, 2024 - 12:00 a.m.

CVE-2024-37794

2024-06-1700:00:00

ubuntu.com

cvc5 solver v1.1.3

denial of service

crafted smt2 input file

improper input validation

cli crash

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

JSON

Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a
Denial of Service (DoS) via a crafted SMT2 input file.

Bugs

<https://github.com/cvc5/cvc5/issues/10813>

Notes

Author	Note
	Priority reason: CLI crash only.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchcvc5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	cvc5	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2024-37794

nvd.nist.gov/vuln/detail/CVE-2024-37794

security-tracker.debian.org/tracker/CVE-2024-37794

www.cve.org/CVERecord?id=CVE-2024-37794

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

JSON

Related for UB:CVE-2024-37794