AZL-37067

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37067.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-37067

Upstream

CVE-2020-19725

Published

2023-08-22T19:16:04Z

Modified

2026-04-21T04:28:08.471341Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2020-19725 affecting package z3 for versions less than 4.13.3-1

Details

There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-19725

Affected packages

Azure Linux:3 / z3

Package

Name: z3
Purl: pkg:rpm/azure-linux/z3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.13.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37067.json"