The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | clang | * |
| opensuse | opensuse | 13.1 |
LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2023-01-22 |
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2022-11-01 |
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2022-12-11 |
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2022-11-22 |
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2022-11-23 |
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2023-01-12 |
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2023-01-12 |
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| llvm | llvm | 2023-01-12 |