[Bug 1215233] New: VUL-0: CVE-2023-39070: cppcheck: heap use-after-free in removeContradiction()
https://bugzilla.suse.com/show_bug.cgi?id=1215233 Bug ID: 1215233 Summary: VUL-0: CVE-2023-39070: cppcheck: heap use-after-free in removeContradiction() Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/377919/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: dmueller@suse.com Reporter: carlos.lopez@suse.com QA Contact: security-team@suse.de Target Milestone: --- Found By: --- Blocker: --- CVE-2023-39070 An issue in Cppcheck 2.12 dev leads to heap use-after-free in the removeContradiction() function in token.cpp when checking a specially crafted input. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39070 https://bugzilla.redhat.com/show_bug.cgi?id=2238464 https://www.cve.org/CVERecord?id=CVE-2023-39070 https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/ -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1215233 https://bugzilla.suse.com/show_bug.cgi?id=1215233#c6 --- Comment #6 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1215233) was mentioned in https://build.opensuse.org/request/show/1134347 Factory / cppcheck https://build.opensuse.org/request/show/1134348 Backports:SLE-15-SP6 / cppcheck https://build.opensuse.org/request/show/1134350 Backports:SLE-15-SP5 / cppcheck -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com