CVE-2023-46046

An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jan/63
https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0
https://github.com/MiniZinc/libminizinc/issues/730
https://www.minizinc.org/doc-2.8.3/en/changelog.html
http://packetstormsecurity.com/files/176817/MiniZinc-2.7.6-Null-Pointer.html
http://seclists.org/fulldisclosure/2024/Jan/63
https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0
https://github.com/MiniZinc/libminizinc/issues/730
https://www.minizinc.org/doc-2.8.3/en/changelog.html

Configurations

No configuration.

History

04 Nov 2025, 19:16

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176817/MiniZinc-2.7.6-Null-Pointer.html -

Information

Published : 2024-03-27 05:15

Updated : 2025-11-04 19:16

NVD link : CVE-2023-46046

Mitre link : CVE-2023-46046

CVE.ORG link : CVE-2023-46046

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2023-46046", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-03-27T05:15:47.440", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Jan/63", "source": "cve@mitre.org"}, {"url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0", "source": "cve@mitre.org"}, {"url": "https://github.com/MiniZinc/libminizinc/issues/730", "source": "cve@mitre.org"}, {"url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/176817/MiniZinc-2.7.6-Null-Pointer.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/63", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/MiniZinc/libminizinc/issues/730", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files."}, {"lang": "es", "value": "Un problema en MiniZinc anterior a 2.8.0 permite una desreferencia de puntero NULL a trav\u00e9s de ti_expr en un archivo .mzn manipulado. NOTA: esto est\u00e1 en disputa porque no existe un caso de uso com\u00fan de libminizinc en el que se suponga que un proceso desatendido debe ejecutarse indefinidamente para procesar una serie de archivos .mzn controlados por atacantes."}], "lastModified": "2025-11-04T19:16:03.460", "sourceIdentifier": "cve@mitre.org"}