{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-46046", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-05T15:23:01.937Z", "dateReserved": "2023-10-16T00:00:00", "datePublished": "2024-03-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-27T04:54:21.950151"}, "descriptions": [{"lang": "en", "value": "An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/MiniZinc/libminizinc/issues/730"}, {"name": "20240126 null pointer deference in MiniZinc via a crafted .mzn file", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2024/Jan/63"}, {"url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html"}, {"url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-17T03:12:01.295697Z", "id": "CVE-2023-46046", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T15:23:01.937Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:39.443Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/MiniZinc/libminizinc/issues/730", "tags": ["x_transferred"]}, {"name": "20240126 null pointer deference in MiniZinc via a crafted .mzn file", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2024/Jan/63"}, {"url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html", "tags": ["x_transferred"]}, {"url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/MiniZinc/libminizinc/issues/730", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/63", "name": "20240126 null pointer deference in MiniZinc via a crafted .mzn file", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html", "tags": ["x_transferred"]}, {"url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:39.443Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-46046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-17T03:12:01.295697Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:19.042Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/MiniZinc/libminizinc/issues/730"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/63", "name": "20240126 null pointer deference in MiniZinc via a crafted .mzn file", "tags": ["mailing-list"]}, {"url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html"}, {"url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0"}], "descriptions": [{"lang": "en", "value": "An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-27T04:54:21.950151"}}}, "cveMetadata": {"cveId": "CVE-2023-46046", "state": "PUBLISHED", "dateUpdated": "2024-11-05T15:23:01.937Z", "dateReserved": "2023-10-16T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-27T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files."}, {"lang": "es", "value": "Un problema en MiniZinc anterior a 2.8.0 permite una desreferencia de puntero NULL a trav\u00e9s de ti_expr en un archivo .mzn manipulado. NOTA: esto est\u00e1 en disputa porque no existe un caso de uso com\u00fan de libminizinc en el que se suponga que un proceso desatendido debe ejecutarse indefinidamente para procesar una serie de archivos .mzn controlados por atacantes."}], "id": "CVE-2023-46046", "lastModified": "2024-11-21T08:27:48.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-27T05:15:47.440", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2024/Jan/63"}, {"source": "cve@mitre.org", "url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0"}, {"source": "cve@mitre.org", "url": "https://github.com/MiniZinc/libminizinc/issues/730"}, {"source": "cve@mitre.org", "url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Jan/63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/MiniZinc/libminizinc/issues/730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.minizinc.org/doc-2.8.3/en/changelog.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}