Miggo Logo
Miggo Vulnerability Database
CVE-2023-29933

CVE-2023-29933:
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component...

5.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-29933
GHSA ID
GHSA-6wqm-qcpc-57pm
EPSS Score
0.03534%
CWE
CWE-125
Published
5/5/2023
Updated
4/4/2024
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The primary evidence for the vulnerable function comes from the stack trace provided in the GitHub issue #59442. The trace explicitly points to mlir::Block::getArgument as the function where the segmentation fault occurs. Although the commit bd456297 is mentioned as the one containing the fault, and a later commit 6c01b5c likely fixed it, I was unable to fetch the details of these commits. However, the stack trace is a strong indicator. The vulnerability description also directly names mlir::Block::getArgument as the component involved in the segmentation fault.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

llvm-proj**t *ommit ******** w*s *is*ov*r** to *ont*in * s**m*nt*tion **ult vi* t** *ompon*nt mlir::*lo*k::**t*r*um*nt.

Reasoning

T** prim*ry *vi**n** *or t** vuln*r**l* *un*tion *om*s *rom t** st**k tr*** provi*** in t** *it*u* issu* #*****. T** tr*** *xpli*itly points to `mlir::*lo*k::**t*r*um*nt` *s t** *un*tion w**r* t** s**m*nt*tion **ult o**urs. *lt*ou** t** *ommit `*****