Lucene search

Veracode Vulnerability DatabaseVERACODE:46246

HistoryApr 06, 2024 - 6:18 a.m.

NULL Pointer Dereference

2024-04-0606:18:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

minizinc

vulnerability

null pointer dereference

ti_expr

crafted file

attackers

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

MiniZinc is vulnerable to a NULL pointer dereference via ti_expr in a crafted .mzn file. This vulnerability arises due to improper handling of ti_expr, allowing attackers to trigger a NULL pointer dereference by providing a specially crafted .mzn file.

CPENameOperatorVersion
minizinc:sideq2.5.3+dfsg1-1
minizinc:sideq2.5.2+dfsg1-1
minizinc:sideq2.5.3+dfsg1-1
minizinc:sideq2.5.2+dfsg1-1

Name	Operator	Version
minizinc:sid	eq	2.5.3+dfsg1-1
minizinc:sid	eq	2.5.2+dfsg1-1
minizinc:sid	eq	2.5.3+dfsg1-1
minizinc:sid	eq	2.5.2+dfsg1-1

References

seclists.org/fulldisclosure/2024/Jan/63

github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0

github.com/MiniZinc/libminizinc/issues/730

security-tracker.debian.org/tracker/CVE-2023-46046

www.minizinc.org/doc-2.8.3/en/changelog.html