| Title | vstakhov libucl 0.9.2 / master commit d8af953 Heap-based Buffer Overflow |
|---|
| Description | libucl version 0.9.2 (master commit d8af953) is vulnerable to a heap buffer overflow in the ucl_include_common function of ucl_util.c. The vulnerability arises when parsing crafted input with ucl_parser_add_string, which eventually calls ucl_strnstr. This function performs a strncmp on memory beyond the allocated buffer, leading to out-of-bounds read access. |
|---|
| Source | ⚠️ https://github.com/vstakhov/libucl/issues/337 |
|---|
| User | ahuo (UID 90189) |
|---|
| Submission | 09/14/2025 10:14 (7 months ago) |
|---|
| Moderation | 09/26/2025 08:15 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325953 [vstakhov libucl up to 0.9.2 /src/ucl_util.c ucl_include_common heap-based overflow] |
|---|
| Points | 19 |
|---|