CVE-2023-46046

NameCVE-2023-46046
DescriptionAn issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
minizinc (PTS)stretch2.0.14+dfsg1-1vulnerable
buster2.1.7+dfsg1-1vulnerable
bullseye2.5.3+dfsg1-1vulnerable
bookworm2.6.4+dfsg1-1vulnerable
sid, trixie2.8.7+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
minizincsource(unstable)2.8.2+dfsg1-1unimportant

Notes

https://github.com/MiniZinc/libminizinc/issues/730
https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0 (2.8.0)
Negligible security impact, crash in CLI tool

Search for package or bug name: Reporting problems