PT-2019-18647 · None · Boolector
Published
2019-02-07
·
Updated
2022-05-14
·
CVE-2019-7560
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Boolector version 3.0.0
Description
The issue arises in the parser/btorsmt2.c file of Boolector, where opening a specially crafted input file can lead to a use after free error in the
get failed assumptions or btor delete functions.Recommendations
For Boolector version 3.0.0, consider avoiding the use of specially crafted input files until a patch is available. As a temporary workaround, restrict access to the
get failed assumptions and btor delete functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Boolector