scip File Descriptor Handler Uncontrolled Resource Consumption Vulnerability
Vulnerability
A vulnerability allowing uncontrolled file descriptor consumption has been identified in the scipopt scip File Descriptor Handler component, specifically in versions through 9.2.1. The issue arises in the 'main' function of 'examples/LOP/src/genRandomLOPInstance.c', where the file handling logic fails to properly manage file descriptors, leading to potential resource exhaustion. This vulnerability requires local access to exploit.
Impact
The vulnerability can be exploited to cause excessive consumption of file descriptors, which may lead to resource exhaustion and potentially disrupt normal application operations.
Reproduction
The vulnerability can be reproduced by running the 'genRandomLOPInstance' example with a large input that generates a significant number of file operations. Because the code never closes the file, the descriptors it opens are not released, which can be observed by monitoring the process's descriptor usage against the system's file descriptor limits.
Remediation
Users are advised to upgrade to scip version 9.2.2, where this vulnerability has been addressed.
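The leak pattern and its fix can be seen in a small added example; this is not SCIP's code, and the writer functions, the constructed matrix values and the /dev/null output path are assumptions made for illustration. It counts the process's open descriptors before and after repeated calls to a writer that omits fclose and to one that closes the stream on every path.

```c
#include <fcntl.h>
#include <stdio.h>
/* Count open descriptors among the first 256 slots of this process. */
int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 256; fd++)
        n += fcntl(fd, F_GETFD) != -1;
    return n;
}

/* Hypothetical generator: writes an n x n constructed matrix, never closes f. */
int write_instance_leaky(const char *path, int n)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fprintf(f, "%d\n", n);
    for (int i = 0; i < n * n; i++)
        fprintf(f, "%d%c", (i * 37) % 100, (i + 1) % n ? ' ' : '\n');
    return 0; /* missing fclose(f): the descriptor stays open until exit */
}

/* Same generator with write errors checked and the stream always closed. */
int write_instance_fixed(const char *path, int n)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    int rc = fprintf(f, "%d\n", n) < 0 ? -1 : 0;
    for (int i = 0; rc == 0 && i < n * n; i++)
        if (fprintf(f, "%d%c", (i * 37) % 100, (i + 1) % n ? ' ' : '\n') < 0)
            rc = -1;
    if (fclose(f) != 0) rc = -1; /* fclose flushes; failure means lost data */
    return rc;
}

/* Descriptors still held after `rounds` calls; output goes to /dev/null. */
int fds_held_after(int (*writer)(const char *, int), int rounds)
{
    int before = count_open_fds();
    for (int i = 0; i < rounds; i++)
        writer("/dev/null", 4);
    return count_open_fds() - before;
}
int main(void)
{
    printf("fixed=%d leaky=%d\n", fds_held_after(write_instance_fixed, 8),
           fds_held_after(write_instance_leaky, 8));
    return 0;
}
```

The same before/after descriptor count works as a regression check for any code path that opens files in a loop or in a long-running process.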
