CVE-2025-40843: Stack-based Buffer Overflow in CodeChecker

Severity
NVD: 7.8 HIGH
CNA: 5.9
EPSS
0.0% (top 94.19%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 28

Description

CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang-Tidy. CodeChecker versions up to and including 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker through 6.26.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
(Local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope; high impact on confidentiality, integrity and availability.)

Affected Packages (3 packages)

NVD: ericsson/codechecker < 6.26.2
PyPI: ericsson/codechecker < 6.26.2
CVEListV5: ericsson/codechecker 6.26.1

Vulnerability Details (3 sources)

CVEList: Buffer overflow in CodeChecker log command (2025-10-28)
OSV: CodeChecker has a buffer overflow in the log command (2025-09-22)
GHSA: CodeChecker has a buffer overflow in the log command (2025-09-22)
CVE-2025-40843 — Stack-based Buffer Overflow | cvebase