CVE-2023-46046

Published March 27th, 2024

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.

MiniZinc/libminizinc

The MiniZinc compiler

GitHub

686