@Colloportus0
Last active March 16, 2023 07:21
CVE-2023-26924 description
[description]
llvm-project commit a0dab4950 is vulnerable to Buffer Overflow via
mlir::outlineSingleBlockRegion.
------------------------------------------
[Vulnerability Type]
Buffer Overflow
------------------------------------------
[Vendor of Product]
llvm-project
------------------------------------------
[Affected Product Code Base]
https://github.com/llvm/llvm-project - commit id : a0dab4950
------------------------------------------
[Affected Component]
mlir::outlineSingleBlockRegion(mlir::RewriterBase&, mlir::Location, mlir::Region&, llvm::StringRef, mlir::func::CallOp*)
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
mlir-opt --test-scf-if-utils temp.mlir
------------------------------------------
[Reference]
https://github.com/llvm/llvm-project/issues/60216
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Colloportus0