MidnightBSD

Advisories for llvm

CVE-2014-2893 LOW

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
llvm clang *
opensuse opensuse 13.1
CVE-2023-26924

LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
llvm llvm 2023-01-22
CVE-2023-29932

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.

Products Affected

Vendor Product Version
llvm llvm 2022-11-01
CVE-2023-29933

llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.

Products Affected

Vendor Product Version
llvm llvm 2022-12-11
CVE-2023-29934

llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().

Products Affected

Vendor Product Version
llvm llvm 2022-11-22
CVE-2023-29935

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.

Products Affected

Vendor Product Version
llvm llvm 2022-11-23
CVE-2023-29939

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).

Products Affected

Vendor Product Version
llvm llvm 2023-01-12
CVE-2023-29941

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.

Products Affected

Vendor Product Version
llvm llvm 2023-01-12
CVE-2023-29942

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.

Products Affected

Vendor Product Version
llvm llvm 2023-01-12