Primary

Context

Altera High Level Synthesis Compiler Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking

Vulnerability

A vulnerability allowing search order hijacking has been identified in the Altera High Level Synthesis Compiler for Windows, affecting versions 19.1 prior to 24.3. This uncontrolled search path element vulnerability can lead to a DLL planting issue, where malicious DLLs could be loaded by the application.

Impact

Exploitation of this vulnerability could allow for unauthorized DLLs to be loaded, potentially leading to arbitrary code execution.

Remediation

Altera recommends replacing the build.bat file in the affected directory with a version available through their official channels. Additionally, write access to the 'C:\quartus\bin64' directory should be restricted to system administrators only.

Added: Dec 12, 2025, 3:21 AM

Updated: Dec 12, 2025, 3:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

0.0

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

0.0

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Altera High Level Synthesis Compiler Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating