HSEC-2024-0006
See a problem?- Import Source
- https://github.com/haskell/security-advisories/blob/generated/osv-export/2024/HSEC-2024-0006.json
- JSON Data
- https://api.osv.dev/v1/vulns/HSEC-2024-0006
- Published
- 2025-03-20T18:42:29Z
- Modified
- 2025-03-20T18:53:03.136027Z
- Summary
- fromIntegral: conversion error
- Details
-
fromIntegral: conversion errorfromIntegralmay result in coercion errors when used with optimization flags-O1or-O2in the following situation:- Converting negative
InttoNaturaldoes not throw an arithmetic underflow error - Converting large
Integergreater than 2^64 toNaturaloverflow.
For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.
- Converting negative
- References
Affected packages
Hackage / base
Package
- Name
- base
- Purl
- pkg:hackage/base
Severity
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator