CVE-2023-29932: llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component...

CVSS Score: 5.5 (version 3.1)

Basic Information

EPSS Score: 0.05598%
Published: 5/5/2023
Updated: 1/29/2025
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability is a segmentation fault in MLIR's IROperand, observed at commit fdbc55a5. This commit refactored FileID handling in Clang's AST serialization. The analysis assumes that these changes in Clang introduced a subtle bug leading to corrupted FileID or source location information. When MLIR consumes this Clang-generated data, the corruption manifests as a crash. The identified functions are central to the new FileID handling logic introduced in commit fdbc55a5. While the crash occurs in MLIR, these Clang functions are hypothesized to be the origin of the bad data. The confidence is 'medium' because the link is indirect and relies on the assumption that the NFCI commit fdbc55a5 introduced the defect.
