CVE-2024-37795

EUVD-2024-36829
A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Debian logo
Debian Releases
Debian Product
Codename
cvc5
bookworm
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cvc5
focal
dne
jammy
dne
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
Common Weakness Enumeration
References
https://github.com/cvc5/cvc5/issues/10813
https://github.com/cvc5/cvc5/issues/10813