Description
An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of attacker-controlled .mzn files.
References (5)
Core References
Various Sources
https://www.minizinc.org/doc-2.8.3/en/changelog.html
Issue Tracking
https://github.com/MiniZinc/libminizinc/issues/730
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/176817/MiniZinc-2.7.6-Null-Pointer.html
Mailing List
http://seclists.org/fulldisclosure/2024/Jan/63
Scores
CVSS v3
5.5
EPSS
0.0028
EPSS Percentile
19.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Published
Mar 27, 2024
Tracked Since
Feb 18, 2026