HSEC-2025-0001

See a problem?

Import Source

https://github.com/haskell/security-advisories/blob/generated/osv-export/2025/HSEC-2025-0001.json

JSON Data

https://api.osv.dev/v1/vulns/HSEC-2025-0001

Published

2025-03-18T20:54:19Z

Modified

2025-03-18T20:54:19Z

Summary

Subword division operations may produce incorrect results

Details

Subword division operations may produce incorrect results

Arithmetic operations may produce incorrect results when compiled with optimizations. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.

References

https://gitlab.haskell.org/ghc/ghc/-/issues/25653
https://discourse.haskell.org/t/psa-correctness-issue-in-ghc-9-12/11204
https://gitlab.haskell.org/ghc/ghc/-/merge_requests/13820

Affected packages

GHC / ghc

Package

Name: ghc

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.12.1

Fixed

9.12.2