VDB
CVE-2020-19725
CVE-2020-19725
PUBLISHED
There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution.
EPSS 0.47% · 65.1th percentile
Risk Scores
EPSS Score
0.47%
65.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | z3 | 4.8.12-3.1, 0, 4.8.12-3.1build1 |
| Ubuntu:20.04:LTS | z3 | 4.8.7-4build1, 0, 4.8.4-1build1 |
| Ubuntu:18.04:LTS | z3 | 4.4.1-0.3build4, 4.4.1-0.3build3, 0 |
| Ubuntu:25.10 | z3 | 0, 4.13.3-1 |
| Ubuntu:16.04:LTS | z3 | 4.4.0-3, 4.4.0-2, 4.4.0-3build1 |
| Ubuntu:22.04:LTS | z3 | 0, 4.8.12-1 |
Exploit Intelligence
- https://github.com/Z3Prover/z3/issues/3363 (nist-nvd)
Timeline
- Aug 22, 2023 CVE Published
- Aug 23, 2023 EPSS Score
- Sep 25, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Nov 30, 2023 EPSS Score
- Jan 3, 2024 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 9, 2024 EPSS Score
- Apr 11, 2024 EPSS Score
- Jun 16, 2024 EPSS Score
- Jul 19, 2024 EPSS Score
- Aug 22, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-19725 third-party-advisory
- https://github.com/Z3Prover/z3/issues/3363 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-19725 third-party-advisory