CVE-2025-40843
Severity: MEDIUM 5.9 | EPSS: 0.02%
CodeChecker has a buffer overflow in the log command
Description
### Summary

CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal `ldlogger` library, which is executed by the `CodeChecker log` command.

### Details

Unsafe usage of the `strcpy()` function in the internal `ldlogger` library allows attackers to trigger a buffer overflow by supplying crafted inputs from the command line. Specifically, the destination buffer is stack-allocated with a fixed size of 4096 bytes, while `strcpy()` is called without any length check, so an input longer than the buffer overruns it.

### PoC

The example script below illustrates how this vulnerability can be triggered.

```bash
#!/bin/bash
export CC_LOGGER_DEF_DIRS=1
payload=''
for i in $(seq 1 4090); do payload+='A'; done
CodeChecker log -b "/very/long/path/to/$payload/gcc a.c" -o compilation.json
```

### Impact

Any environment where the vulnerable `CodeChecker log` command is executed with untrusted user input is affected by this vulnerability.
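The Details section describes the defect as a fixed 4096-byte stack buffer filled by `strcpy()` with no length check. The following C program is an added example written for this page; it is not CodeChecker's or `ldlogger`'s code, and the function names `log_path_unsafe`, `log_path_safe`, `bounded_len` and `make_poc_path` are hypothetical. It places the unsafe pattern next to a hardened equivalent that measures the input against the buffer size and rejects anything that does not fit, and it builds a constructed path of the same shape as the PoC (`/very/long/path/to/` + 4090 bytes + `/gcc a.c`) to show that the hardened version refuses it instead of overrunning the stack. The unsafe function is only ever called with a short input here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same fixed size the advisory describes for the ldlogger stack buffer. */
#define PATH_BUF_SIZE 4096

/* Vulnerable pattern from the advisory (hypothetical name): fixed-size stack
 * buffer, strcpy() with no bound. Any input of 4096 bytes or more overruns
 * the buffer. Callers in this example only pass short inputs to it. */
static int log_path_unsafe(const char *path) {
    char buf[PATH_BUF_SIZE];
    strcpy(buf, path);          /* no length check: this is the defect */
    return (int)strlen(buf);
}

/* Portable bounded length: like strnlen(), stops at max without reading past it. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') {
        n++;
    }
    return n;
}

/* Hardened equivalent: check the length before copying and reject inputs
 * that do not fit together with the terminating NUL. Returns the copied
 * length, or -1 when the input is too long. Rejecting is preferable to
 * silent truncation, which could turn one path into a different one. */
static int log_path_safe(const char *path) {
    char buf[PATH_BUF_SIZE];
    size_t n = bounded_len(path, PATH_BUF_SIZE);
    if (n >= PATH_BUF_SIZE) {
        return -1;              /* too long for buf[] including the NUL */
    }
    memcpy(buf, path, n + 1);   /* n + 1 copies the terminator as well */
    return (int)n;
}

/* Constructed input in the shape of the advisory's PoC argument:
 * "/very/long/path/to/" + filler 'A' characters + "/gcc a.c". */
static char *make_poc_path(size_t filler) {
    const char *prefix = "/very/long/path/to/";
    const char *suffix = "/gcc a.c";
    size_t total = strlen(prefix) + filler + strlen(suffix);
    char *p = malloc(total + 1);
    if (p == NULL) {
        return NULL;
    }
    memcpy(p, prefix, strlen(prefix));
    memset(p + strlen(prefix), 'A', filler);
    memcpy(p + strlen(prefix) + filler, suffix, strlen(suffix) + 1);
    return p;
}

int main(void) {
    char *poc = make_poc_path(4090);    /* 4090 bytes of filler, as in the PoC */
    if (poc == NULL) {
        return 1;
    }
    printf("short path, unsafe copy: %d bytes\n", log_path_unsafe("gcc a.c"));
    printf("short path, safe copy:   %d bytes\n", log_path_safe("gcc a.c"));
    printf("PoC-shaped path (%zu bytes), safe copy: %d\n",
           strlen(poc), log_path_safe(poc));   /* -1: rejected, no overflow */
    free(poc);
    return 0;
}
```

The check in `log_path_safe` is the minimal fix for this class of bug: bound the measurement (so an unterminated input cannot be read past the buffer either) and compare against the buffer size before any byte is written. Replacing `strcpy()` with `strncpy()` alone is not equivalent, because `strncpy()` does not terminate the string when the input fills the buffer.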
Affected packages (2)
- PyPI/codechecker from 0, < 6.26.2
- PyPI/codechecker from 0, < 6.26.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |