Bugzilla – Bug 1215233
VUL-0: CVE-2023-39070: cppcheck: heap use-after-free in removeContradiction()
Last modified: 2023-12-24 14:04:51 UTC
CVE-2023-39070 An issue in Cppcheck 2.12 dev leads to heap use-after-free in the removeContradiction() function in token.cpp when checking a specially crafted input. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39070 https://bugzilla.redhat.com/show_bug.cgi?id=2238464 https://www.cve.org/CVERecord?id=CVE-2023-39070 https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/
fix accepted by upstream. still don't think it's worth a security update, but I submitted it for Backports SP5/SP6 and Tumbleweed.
This is an autogenerated message for OBS integration: This bug (1215233) was mentioned in https://build.opensuse.org/request/show/1134347 Factory / cppcheck https://build.opensuse.org/request/show/1134348 Backports:SLE-15-SP6 / cppcheck https://build.opensuse.org/request/show/1134350 Backports:SLE-15-SP5 / cppcheck
openSUSE-SU-2023:0413-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1215233 CVE References: CVE-2023-39070 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): cppcheck-2.12.1-bp155.2.3.1