PT-2024-5876 · Orc+10
Yuhei Kawakoya · Published 2024-07-24 · Updated 2025-08-12
CVE-2024-40897 · CVSS v3.1 7.0 High
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ORC versions prior to 0.4.39
Description: A stack-based buffer overflow vulnerability exists in the orcparse.c file of the ORC compiler. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This could lead to the compromise of developer machines or CI build environments.
Recommendations: For ORC versions prior to 0.4.39, update to version 0.4.39 or later to resolve the issue. As a temporary workaround, consider restricting the use of the affected ORC compiler until a patch is available. Avoid processing specially crafted files with the affected ORC compiler to minimize the risk of exploitation.
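The recommendation above turns on which ORC release is installed. As an added example (not part of this advisory or of the ORC project), the POSIX sh script below reads the installed version through pkg-config, which assumes the orc-0.4.pc file shipped by the ORC development package, and compares it component by component with the fixed release 0.4.39; the comparison function can also be fed a version string taken from a package manager or a build log.

```shell
#!/bin/sh
# Added example, not from the advisory: check whether an installed ORC
# predates the release that fixes CVE-2024-40897 (0.4.39).

FIXED_VERSION="0.4.39"

# Compare dotted numeric versions: returns 0 when $1 >= $2.
# Non-numeric suffixes such as "+dfsg" or "-2ubuntu1" are stripped first,
# and missing components count as 0, so "0.4.39.1" >= "0.4.39".
version_ge() {
    v1=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    v2=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*}
        b=${v2%%.*}
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
    done
    return 0
}

# Returns 0 when the given ORC version is at or above the fixed release.
orc_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# Installed version via pkg-config (assumes the orc-0.4.pc file that the
# ORC development package provides); prints nothing when unavailable.
installed_orc_version() {
    pkg-config --modversion orc-0.4 2>/dev/null
}

# Prints a verdict; exit status 2 signals an affected version.
report_orc_status() {
    ver=$(installed_orc_version)
    if [ -z "$ver" ]; then
        echo "ORC not found via pkg-config (orc-0.4); nothing to check"
        return 0
    fi
    if orc_is_fixed "$ver"; then
        echo "ORC $ver: at or above $FIXED_VERSION, not affected by CVE-2024-40897"
        return 0
    fi
    echo "ORC $ver: older than $FIXED_VERSION, update to 0.4.39 or later"
    return 2
}

# Run the check when executed as a script.
report_orc_status
```

One caveat when reading the result: distributions listed under Related Identifiers (RHSA, USN, SUSE-SU and others) backport the fix into their existing package versions, so a reported version below 0.4.39 on such a system may already be patched; confirm against the distribution advisory for that package rather than the upstream number alone.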

Tags: Fix, DoS, Stack Overflow, Memory Corruption, Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:5306
ALSA-2024:6184
ALT-PU-2024-12778
ALT-PU-2024-13113
ALT-PU-2024-13215
AZL-47050
AZL-47122
BDU:2024-06669
CESA-2024_5306
CVE-2024-40897
INFSA-2024_5306
INFSA-2024_6184
MGASA-2024-0288
OESA-2024-1975
OPENSUSE-SU-2024:14216-1
OPENSUSE-SU-2024_2663-1
OPENSUSE-SU-2025_0344-1
RHSA-2024:5306
RHSA-2024:5629
RHSA-2024:5638
RHSA-2024:5882
RHSA-2024:6159
RHSA-2024:6184
RHSA-2024_5306
RHSA-2024_6184
ROSA-SA-2025-2587
SUSE-SU-2024:2643-1
SUSE-SU-2024:2663-1
SUSE-SU-2024_2643-1
SUSE-SU-2024_2663-1
SUSE-SU-2025:0314-1
SUSE-SU-2025:0344-1
SUSE-SU-2025:20060-1
SUSE-SU-2025:20152-1
SUSE-SU-2025:20272-1
SUSE-SU-2025_0314-1
SUSE-SU-2025_0344-1
USN-6964-1
USN-6964-2

Affected Products

Alt Linux
Almalinux
Centos
Debian
Linuxmint
Orc
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu