Search CVE reports


1 – 8 of 8 results


CVE-2024-45056

Medium priority
Not affected

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64-bit number (`2^64-1`). This number...

21 affected packages

llvm-toolchain-3.5, llvm-toolchain-3.6, llvm-toolchain-3.7, llvm-toolchain-3.8, llvm-toolchain-3.9...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
llvm-toolchain-3.5 Not in release Not in release Not in release
llvm-toolchain-3.6 Not in release Not in release Not in release
llvm-toolchain-3.7 Not in release Not in release Not in release Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release
llvm-toolchain-3.9 Not in release Not in release Not in release Not affected
llvm-toolchain-4.0 Not in release Not in release Not in release Not affected
llvm-toolchain-5.0 Not in release Not in release Not in release Not affected
llvm-toolchain-6.0 Not in release Not in release Not affected Not affected
llvm-toolchain-7 Not in release Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not in release Not affected Not affected
llvm-toolchain-9 Not in release Not in release Not affected Not affected
llvm-toolchain-10 Not in release Not in release Not affected Not affected
llvm-toolchain-11 Not in release Not affected Not affected
llvm-toolchain-12 Not in release Not affected Not affected
llvm-toolchain-13 Not in release Not affected Not in release
llvm-toolchain-14 Not affected Not affected Not in release
llvm-toolchain-15 Not affected Not affected Not in release
llvm-toolchain-16 Not affected Not in release Not in release
llvm-toolchain-17 Not affected Not in release Not in release
llvm-toolchain-18 Not affected Not in release Not affected
llvm-toolchain-19 Not affected Not in release Not in release

CVE-2024-31852

Low priority
Needs evaluation

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can...

15 affected packages

llvm-toolchain-snapshot, llvm-toolchain-3.5, llvm-toolchain-3.6, llvm-toolchain-3.7, llvm-toolchain-3.8...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
llvm-toolchain-snapshot Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release
llvm-toolchain-3.6 Not in release Not in release Not in release
llvm-toolchain-3.7 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.8 Not in release Not in release Not in release
llvm-toolchain-3.9 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-4.0 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-5.0 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-6.0 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-7 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-8 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-9 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-10 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-11 Not in release Needs evaluation Needs evaluation
llvm-toolchain-12 Not in release Needs evaluation Needs evaluation

CVE-2023-46049

Medium priority
Not affected

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any...

14 affected packages

llvm-toolchain-3.5, llvm-toolchain-3.6, llvm-toolchain-3.7, llvm-toolchain-3.8, llvm-toolchain-3.9...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
llvm-toolchain-3.5 Not in release Not in release Not in release
llvm-toolchain-3.6 Not in release Not in release Not in release
llvm-toolchain-3.7 Not in release Not in release Not in release Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release
llvm-toolchain-3.9 Not in release Not in release Not in release Not affected
llvm-toolchain-4.0 Not in release Not in release Not in release Not affected
llvm-toolchain-5.0 Not in release Not in release Not in release Not affected
llvm-toolchain-6.0 Not in release Not in release Not affected Not affected
llvm-toolchain-7 Not in release Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not in release Not affected Not affected
llvm-toolchain-9 Not in release Not in release Not affected Not affected
llvm-toolchain-10 Not in release Not in release Not affected Not affected
llvm-toolchain-11 Not in release Not affected Not affected
llvm-toolchain-12 Not in release Not affected Not affected

CVE-2023-26924

Negligible priority
Ignored

LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes “Language front-ends ... for which a malicious input file can cause undesirable...

18 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
llvm-toolchain-10 Not in release Not affected Not affected
llvm-toolchain-11 Not affected Not affected Not in release
llvm-toolchain-3.3 Not in release Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release
llvm-toolchain-3.6 Not in release Not in release Not in release
llvm-toolchain-3.7 Not in release Not in release Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release
llvm-toolchain-3.9 Not in release Not in release Not affected
llvm-toolchain-4.0 Not in release Not in release Not affected
llvm-toolchain-5.0 Not in release Not in release Not affected
llvm-toolchain-6.0 Not in release Not affected Not affected
llvm-toolchain-7 Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not affected Not affected
llvm-toolchain-9 Not in release Not affected Not affected
llvm Not in release Not in release Not in release
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release
llvm-toolchain-12 Not affected Not affected Not in release

CVE-2020-13844

Medium priority

Some fixes available 3 of 205

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka...

54 affected packages

gcc-7, gcc-8, gcc-8-cross, gcc-8-cross-ports, gcc-9...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gcc-7 Not in release Not in release Vulnerable Vulnerable
gcc-8 Not in release Not in release Vulnerable Vulnerable
gcc-8-cross Not in release Not in release Vulnerable Vulnerable
gcc-8-cross-ports Not in release Not in release Vulnerable Vulnerable
gcc-9 Not affected Not affected Fixed Not in release
gcc-9-cross Not affected Not affected Fixed Not in release
gcc-9-cross-ports Vulnerable Vulnerable Vulnerable Not in release
gcc-arm-none-eabi Vulnerable Vulnerable Vulnerable Vulnerable
gcc-avr Vulnerable Vulnerable Vulnerable Vulnerable
gcc-defaults Not affected Not affected Not affected Not affected
gcc-h8300-hms Vulnerable Vulnerable Vulnerable Vulnerable
gcc-m68hc1x Not in release Vulnerable Vulnerable Vulnerable
gcc-mingw-w64 Vulnerable Vulnerable Vulnerable Vulnerable
gcc-msp430 Not in release Vulnerable Vulnerable Vulnerable
gcc-opt Vulnerable Vulnerable Vulnerable Vulnerable
gcc-snapshot Vulnerable Vulnerable Vulnerable Vulnerable
gcc-3.3 Vulnerable Vulnerable Vulnerable Vulnerable
gcc-4.4 Not in release Not in release Not in release Not in release
gcc-4.6 Not in release Not in release Not in release Not in release
gcc-4.7-armel-cross Not in release Not in release Not in release Not in release
gcc-4.7-armhf-cross Not in release Not in release Not in release Not in release
gcc-4.8-arm64-cross Not in release Not in release Not in release Not in release
gcc-defaults-arm64-cross Not in release Not in release Not in release Not in release
gcc-defaults-armel-cross Not in release Not in release Not in release Not in release
llvm-toolchain-3.3 Not in release Not in release Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not in release
gcc-10 Not affected Not affected Fixed Not in release
gcc-4.7 Not in release Not in release Not in release Not in release
gcc-4.8 Not in release Not in release Not in release Vulnerable
gcc-5 Not in release Not in release Not in release Not affected
gcc-5-cross Not in release Not in release Not in release Vulnerable
gcc-6 Not in release Not in release Not in release Vulnerable
gcc-6-cross Not in release Not in release Not in release Vulnerable
gcc-6-cross-ports Not in release Not in release Not in release Vulnerable
gcc-7-cross Not in release Not in release Not in release Vulnerable
gcc-4.8-armhf-cross Not in release Not in release Not in release Not in release
gcc-4.8-powerpc-cross Not in release Not in release Not in release Not in release
gcc-4.8-ppc64el-cross Not in release Not in release Not in release Not in release
gccgo-4.9 Not in release Not in release Not in release Not in release
gcc-4.9 Not in release Not in release Not in release Not in release
gcc-7-cross-ports Not in release Not in release Not in release Vulnerable
gcc-arm-linux-androideabi Not in release Not in release Not in release Not in release
gcc-defaults-armhf-cross Not in release Not in release Not in release Not in release
gcc-defaults-powerpc-cross Not in release Not in release Not in release Not in release
gccgo-6 Not in release Not in release Not in release Not in release
gcc-defaults-ppc64el-cross Not in release Not in release Not in release Not in release
gcc-i686-linux-android Not in release Not in release Not in release Not in release
llvm-toolchain-3.6 Not in release Not in release Not in release Not in release
llvm-toolchain-3.7 Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.8 Not in release Not in release Not in release Not in release
llvm-toolchain-3.9 Not in release Not in release Not in release Vulnerable
llvm-toolchain-4.0 Not in release Not in release Not in release Vulnerable
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release

CVE-2015-3027

Low priority
Ignored

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard...

7 affected packages

llvm, llvm-toolchain-3.2, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
llvm Not in release
llvm-toolchain-3.2 Not in release
llvm-toolchain-3.3 Not in release
llvm-toolchain-3.4 Not in release
llvm-toolchain-3.5 Not in release
llvm-toolchain-3.6 Not in release
llvm-toolchain-snapshot Not in release

CVE-2015-2305

Medium priority

Some fixes available 31 of 85

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...

23 affected packages

clamav, radare2, librcsb-core-wrapper, efl, alpine...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
clamav Fixed Fixed Fixed Fixed
radare2 Not affected Not in release Not affected Not affected
librcsb-core-wrapper Not affected Not affected Not affected Not affected
efl Not affected Not affected Not affected Not affected
alpine Not affected Not affected Not affected Not affected
ptlib Not in release Not in release Not in release Not affected
nvi Not affected Not affected Not affected Not affected
openrpt Not in release Not in release Not in release Vulnerable
cups Not affected Not affected Not affected Not affected
haskell-regex-posix Not affected Not affected Not affected Not affected
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not in release
llvm-toolchain-3.6 Not in release Not in release Not in release Not in release
newlib Not affected Not affected Not affected Not affected
olsrd Not in release Not in release Not in release Not affected
php5 Not in release Not in release Not in release Not in release
sma Not affected Not affected Not affected Not affected
vigor Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not affected
yap Not in release Not in release Not in release Not affected
z88dk Not in release Not in release Not in release Not in release
knews Not affected Not affected Not affected Not affected
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release

CVE-2014-2893

Low priority
Ignored

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

6 affected packages

llvm-toolchain-3.2, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5, llvm-toolchain-3.6, llvm-toolchain-snapshot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
llvm-toolchain-3.2 Not in release
llvm-toolchain-3.3 Not in release
llvm-toolchain-3.4 Not in release
llvm-toolchain-3.5 Not in release
llvm-toolchain-3.6 Not in release
llvm-toolchain-snapshot Not in release