The vulnerability is a segmentation fault in MLIR's IROperand, observed at commit fdbc55a5. That commit refactored FileID handling in Clang's AST serialization. The analysis assumes that these Clang changes introduced a subtle bug that corrupts FileID or source-location information, and that when MLIR consumes the Clang-generated data, the corruption manifests as a crash. The identified functions are central to the new FileID handling logic introduced in commit fdbc55a5. Although the crash occurs in MLIR, these Clang functions are hypothesized to be the origin of the bad data. Confidence is rated 'medium' because the link is indirect and rests on the assumption that commit fdbc55a5, which was labelled NFCI (no functional change intended), nonetheless introduced the defect.