Bug 2494424 (CVE-2026-13573) - CVE-2026-13573 llvm: llvm: Denial of Service via stack-based buffer overflow in StringMap::insert
Summary: CVE-2026-13573 llvm: llvm: Denial of Service via stack-based buffer overflow ...
Keywords:
Status: NEW
Alias: CVE-2026-13573
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2495112 2495113 2495114 2495115 2495116 2495117 2495118 2495119 2495120 2495121 2495122 2495123 2495124 2495125 2495126 2495127 2495128 2495129 2495130 2495131 2495132 2495133 2495134 2495135 2495136 2495137 2495138 2495140 2495141 2495142 2495143 2495144 2495145 2495146 2495147 2495148 2495139
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-29 15:01 UTC by OSIDB Bzimport
Modified: 2026-07-03 14:38 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-29 15:01:44 UTC
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.


Note You need to log in before you can comment on or make changes to this bug.