Description
A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-02-18
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Information Disclosure
Action: Assess Impact
AI Analysis

Impact

A flaw in the MiniSat DIMACS file parser allows a local attacker to supply an index value of 2147483648 to the Solver::value function, which then performs an out‑of‑bounds read. The vulnerability does not provide direct code execution but can leak contents of the process memory, potentially revealing sensitive information. The weakness is a classic out‑of‑bounds read, classified as CWE‑119, CWE‑125, and CWE‑787.

Affected Systems

The issue affects all builds of niklasso MiniSat up to and including version 2.2.0. Users deploying MiniSat for local SAT solving tasks on their own machines—in particular those parsing user‑supplied DIMACS files—are therefore potentially impacted.

Risk and Exploitability

The CVSS score is 4.8, indicating moderate severity, while the EPSS score is less than 1%, showing a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers must have local access to the system to exploit the read, and publicly available proof‑of‑concept code exists. Consequently, the risk is moderate for environments where MiniSat is used with untrusted inputs, but overall exploitation likelihood remains low.

Generated by OpenCVE AI on April 17, 2026 at 18:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MiniSat to a version newer than 2.2.0 once the vendor releases a patch that adds bounds checking to Solver::value.
  • If an upgrade is not immediately possible, apply a local code change that validates the index against the size of the internal array before performing the read, thereby preventing out‑of‑bounds access.
  • Restrict the ability of local users to invoke the vulnerable parsing routine by tightening file permissions or running the parser under a dedicated service account with minimal privileges.

Generated by OpenCVE AI on April 17, 2026 at 18:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Minisat
Minisat minisat
Weaknesses CWE-787
CPEs cpe:2.3:a:minisat:minisat:*:*:*:*:*:*:*:*
Vendors & Products Minisat
Minisat minisat

Wed, 18 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Niklasso
Niklasso minisat
Vendors & Products Niklasso
Niklasso minisat

Wed, 18 Feb 2026 07:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title niklasso minisat DIMACS File SolverTypes.h value out-of-bounds
Weaknesses CWE-119
CWE-125
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Minisat Minisat
Niklasso Minisat
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:17:07.282Z

Reserved: 2026-02-17T20:39:31.868Z

Link: CVE-2026-2644

cve-icon Vulnrichment

Updated: 2026-02-18T20:27:15.318Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-18T07:16:11.230

Modified: 2026-02-20T16:20:55.853

Link: CVE-2026-2644

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T19:00:10Z

Weaknesses