Veracode Vulnerability Database | VERACODE:33227
History: Dec 10, 2021 - 7:26 a.m.

Denial Of Service (DoS)

sca.analysiscenter.veracode.com

EPSS: 0.001 (Percentile: 30.7%)

libsepol is vulnerable to denial of service. The CIL compiler in SELinux has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.