Search CVE reports
1 – 8 of 8 results
CVE-2024-45056
Medium priorityzksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number...
21 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
| llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
| llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
| llvm-toolchain-13 | Not in release | Not affected | Not in release | — | — |
| llvm-toolchain-14 | Not affected | Not affected | Not in release | — | — |
| llvm-toolchain-15 | Not affected | Not affected | Not in release | — | — |
| llvm-toolchain-16 | Not affected | Not in release | Not in release | — | — |
| llvm-toolchain-17 | Not affected | Not in release | Not in release | — | — |
| llvm-toolchain-18 | Not affected | Not in release | Not in release | — | — |
| llvm-toolchain-19 | Not in release | Not in release | Not in release | — | — |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
| llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2024-31852
Low priorityLLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can...
15 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-10 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| llvm-toolchain-11 | Not in release | Needs evaluation | Needs evaluation | — | — |
| llvm-toolchain-12 | Not in release | Needs evaluation | Needs evaluation | — | — |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| llvm-toolchain-6.0 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| llvm-toolchain-7 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| llvm-toolchain-8 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| llvm-toolchain-9 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| llvm-toolchain-snapshot | Not in release | Not in release | Not in release | — | — |
CVE-2023-46049
Medium priority** DISPUTED ** LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between...
14 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
| llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
| llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
| llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2023-26924
Negligible priority** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can...
18 affected packages
llvm, llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm | — | Not in release | Not in release | Not in release | Ignored |
| llvm-toolchain-10 | — | Not in release | Not affected | Not affected | Not in release |
| llvm-toolchain-11 | — | Not affected | Not affected | Not in release | Not in release |
| llvm-toolchain-12 | — | Not affected | Not affected | Not in release | Not in release |
| llvm-toolchain-3.3 | — | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.4 | — | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.5 | — | Not in release | Not in release | Not in release | Not affected |
| llvm-toolchain-3.6 | — | Not in release | Not in release | Not in release | Not affected |
| llvm-toolchain-3.7 | — | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-3.8 | — | Not in release | Not in release | Not in release | Not affected |
| llvm-toolchain-3.9 | — | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-4.0 | — | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-5.0 | — | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-6.0 | — | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-7 | — | Not in release | Not affected | Not affected | Not in release |
| llvm-toolchain-8 | — | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-9 | — | Not in release | Not affected | Not affected | Not in release |
| llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-13844
Medium prioritySome fixes available 3 of 199
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka...
54 affected packages
gcc-10, gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gcc-10 | Not affected | Not affected | Fixed | Not in release | Not in release |
| gcc-3.3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-4.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-4.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-4.7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.7-armel-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.7-armhf-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.8 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| gcc-4.8-arm64-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.8-armhf-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.8-powerpc-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.8-ppc64el-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-4.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-5 | Not in release | Not in release | Not in release | Not affected | Not affected |
| gcc-5-cross | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| gcc-6 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| gcc-6-cross | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| gcc-6-cross-ports | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| gcc-7 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
| gcc-7-cross | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| gcc-7-cross-ports | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| gcc-8 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
| gcc-8-cross | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
| gcc-8-cross-ports | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
| gcc-9 | Not affected | Not affected | Fixed | Not in release | Not in release |
| gcc-9-cross | Not affected | Not affected | Fixed | Not in release | Not in release |
| gcc-9-cross-ports | Vulnerable | Vulnerable | Vulnerable | Not in release | Not in release |
| gcc-arm-linux-androideabi | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-arm-none-eabi | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-avr | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-defaults | Not affected | Not affected | Not affected | Not affected | Not affected |
| gcc-defaults-arm64-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armel-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-armhf-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-powerpc-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-defaults-ppc64el-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
| gcc-h8300-hms | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-i686-linux-android | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| gcc-m68hc1x | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-mingw-w64 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-msp430 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-opt | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gcc-snapshot | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gccgo-4.9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gccgo-6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| llvm-toolchain-3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| llvm-toolchain-3.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2015-3027
Low priorityClang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard...
7 affected packages
llvm, llvm-toolchain-3.2, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.2 | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.3 | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.4 | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.5 | — | — | — | Not in release | Ignored |
| llvm-toolchain-3.6 | — | — | — | Not in release | Ignored |
| llvm-toolchain-snapshot | — | — | — | Not in release | Not in release |
CVE-2015-2305
Medium prioritySome fixes available 30 of 84
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...
23 affected packages
alpine, clamav, cups, efl, haskell-regex-posix...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| alpine | Not affected | Not affected | Not affected | Not affected | Not affected |
| clamav | Fixed | Fixed | Fixed | Fixed | Fixed |
| cups | Not affected | Not affected | Not affected | Not affected | Not affected |
| efl | Not affected | Not affected | Not affected | Not affected | Not affected |
| haskell-regex-posix | Not affected | Not affected | Not affected | Not affected | Not affected |
| knews | Not affected | Not affected | Not affected | Not affected | Not affected |
| librcsb-core-wrapper | Not affected | Not affected | Not affected | Not affected | Not affected |
| llvm-toolchain-3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
| newlib | Not affected | Not affected | Not affected | Not affected | Not affected |
| nvi | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| olsrd | Not in release | Not in release | Not in release | Not affected | Not affected |
| openrpt | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ptlib | Not in release | Not in release | Not in release | Not affected | Not affected |
| radare2 | Not affected | Not in release | Not affected | Not affected | Vulnerable |
| sma | Not affected | Not affected | Not affected | Not affected | Not affected |
| vigor | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not affected | Not affected |
| yap | Not in release | Not in release | Not in release | Not affected | Not affected |
| z88dk | Not in release | Not in release | Not in release | Not in release | Not affected |
CVE-2014-2893
Low priorityThe GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
6 affected packages
llvm-toolchain-3.2, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5, llvm-toolchain-3.6, llvm-toolchain-snapshot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-3.2 | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.3 | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.4 | — | — | — | Not in release | Not in release |
| llvm-toolchain-3.5 | — | — | — | Not in release | Not affected |
| llvm-toolchain-3.6 | — | — | — | Not in release | Not affected |
| llvm-toolchain-snapshot | — | — | — | Not in release | Not in release |