Lucene search

Ubuntu.comUB:CVE-2024-37795

HistoryJun 17, 2024 - 12:00 a.m.

CVE-2024-37795

2024-06-1700:00:00

ubuntu.com

cvc5 solver

segmentation fault

denial of service

smt-lib input

crafting errors

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a
Denial of Service (DoS) via a crafted SMT-LIB input file containing the
set-logic command with specific formatting errors.

Bugs

<https://github.com/cvc5/cvc5/issues/10813>

Notes

Author	Note
	Priority reason: CLI crash only.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchcvc5< anyUNKNOWN
ubuntu24.04noarchcvc5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	cvc5	< any	UNKNOWN
ubuntu	24.04	noarch	cvc5	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2024-37795

nvd.nist.gov/vuln/detail/CVE-2024-37795

security-tracker.debian.org/tracker/CVE-2024-37795

www.cve.org/CVERecord?id=CVE-2024-37795