OSV-2024-22

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libucl/OSV-2024-22.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-22
Published
2024-01-19T00:14:18.833531Z
Modified
2024-07-16T04:35:26.847250Z
Summary
Heap-use-after-free in ucl_hash_func
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65868

Crash type: Heap-use-after-free READ 8
Crash state:
ucl_hash_func
kh_resize_ucl_hash_node
kh_put_ucl_hash_node
References

Affected packages

OSS-Fuzz / libucl

Package

Name
libucl
Purl
pkg:generic/libucl

Affected ranges

Type
GIT
Repo
https://github.com/vstakhov/libucl
Events
Introduced
9cdb299d32091071bfa9634d32170f54bf710fb2
Fixed
5c58d0d5b939daf6f0c389e15019319f138636c2

Affected versions

0.*

0.8.2
0.9.0
0.9.1
0.9.2

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "d6e62ca904286d4762607099a17efb2119404d06:5c58d0d5b939daf6f0c389e15019319f138636c2"
}