VDB

DEBIAN-CVE-2024-40897

DEBIAN-CVE-2024-40897 PUBLISHED CVSS 6.699999809265137 MEDIUM

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Risk Scores

CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:13orc0, 0
Debian:12orc0, 1:0.4.33-2, 1:0.4.34-1
Debian:11orc*, 0.4.42-3, *
Debian:14orc0, 0

Timeline

  • Jul 26, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›