CVE-2023-46046

Name of the Vulnerable Software and Affected Versions MiniZinc versions prior to 2.8.0

Description The issue allows a NULL pointer dereference via ti expr in a crafted .mzn file. This is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of attacker-controlled .mzn files.

Recommendations For versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted .mzn files to minimize the risk of exploitation. Avoid using the ti expr function with untrusted input until the issue is resolved.