niklasso minisat: Unrestricted File Access through Local Manipulation

Summary

A weakness in niklasso minisat allows an attacker to access unauthorized data on the same computer. This vulnerability is serious because it could allow an attacker to read sensitive information. If you use niklasso minisat, update to version 2.2.1 or later to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
minisat	minisat	<= 2.2.0	–

Original title

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulatio...

Original description

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

nvd CVSS2.0 1.7

nvd CVSS3.1 7.8

nvd CVSS4.0 4.8

Vulnerability type

CWE-119 Buffer Overflow

CWE-125 Out-of-bounds Read

CWE-787 Out-of-bounds Write

https://github.com/niklasso/minisat/ Product Vendor Advisory
https://github.com/niklasso/minisat/issues/55 Exploit Issue Tracking Vendor Advisory
https://github.com/niklasso/minisat/issues/55#issue-3832527387 Exploit Issue Tracking
https://vuldb.com/?ctiid.346406 Permissions Required VDB Entry
https://vuldb.com/?id.346406 Third Party Advisory VDB Entry
https://vuldb.com/?submit.752775 Exploit Third Party Advisory VDB Entry