CVE-2023-26924 — Classic Buffer Overflow in Llvm

CWE-120 — Classic Buffer Overflow CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 62.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Llvm Debian Llvm-toolchain-14 Debian Llvm-toolchain-15

Timeline

PublishedMar 27

Latest updateMar 28

Description

LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDllvm/llvm2023-01-22

▶debiandebian/llvm-toolchain-14

▶debiandebian/llvm-toolchain-15

🔴Vulnerability Details

GHSA

GHSA-472h-pprq-pg3p: LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion↗2023-03-28

▶

OSV

CVE-2023-26924: LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion↗2023-03-27

▶

📋Vendor Advisories

Red Hat

llvm: mlir:: outlineSingleBlockRegion crashes with segmentation fault↗2023-03-28

▶

Debian

CVE-2023-26924: llvm-toolchain-14 - LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE:...↗2023

▶