CodeChecker Buffer Overflow Vulnerability in ldlogger Library

Vulnerability

A buffer overflow vulnerability has been identified in CodeChecker versions through 6.26.1. This issue arises in the internal ldlogger library, which is utilized by the CodeChecker log command. The vulnerability is caused by the unsafe use of the strcpy function, allowing attackers to overwrite the stack by providing crafted inputs from the command line. The destination buffer, which is stack-allocated and fixed at 4096 bytes, can be overflowed because strcpy is used without proper length validation.
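The pattern the advisory describes, shown as an added illustration rather than CodeChecker's own ldlogger code: an unbounded strcpy into a fixed 4096-byte stack buffer beside a bounded copy that refuses any argument that cannot fit with its terminating NUL. The buffer size is the one the advisory names; the function names, the stand-in argument handler and the constructed input of repeated 'A' bytes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed stack buffer size named in the advisory. Everything below is an
 * added illustration of the vulnerable and hardened patterns, not ldlogger's code. */
#define LOG_BUF_SIZE 4096

/* Vulnerable pattern: strcpy copies until it finds a NUL in src, so any
 * argument of LOG_BUF_SIZE bytes or more writes past the end of dst. */
void copy_arg_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened pattern: look for the NUL only within the first dst_size bytes,
 * refuse anything that has no NUL in that window, then copy exactly len + 1 bytes. */
bool copy_arg_checked(char *dst, size_t dst_size, const char *src) {
    const char *end = memchr(src, '\0', dst_size);  /* never scans beyond dst_size bytes */
    if (end == NULL) {
        return false;  /* caller decides: drop the argument, log it, or abort */
    }
    size_t len = (size_t)(end - src);
    memcpy(dst, src, len + 1);  /* len + 1 includes the NUL and is <= dst_size */
    return true;
}

/* Hypothetical stand-in for the logger's handling of one command-line argument. */
bool handle_argument(const char *arg) {
    char buf[LOG_BUF_SIZE];
    if (!copy_arg_checked(buf, sizeof buf, arg)) {
        fprintf(stderr, "argument too long (%zu bytes, limit %d)\n",
                strlen(arg), LOG_BUF_SIZE - 1);
        return false;
    }
    return true;
}

/* Constructed input: n bytes of 'A', in the spirit of the payload the advisory describes. */
bool demo_fits(size_t n) {
    char *arg = malloc(n + 1);
    if (arg == NULL) {
        return false;
    }
    memset(arg, 'A', n);
    arg[n] = '\0';
    bool ok = handle_argument(arg);
    free(arg);
    return ok;
}

int main(void) {
    char small[LOG_BUF_SIZE];
    copy_arg_unchecked(small, "short input");  /* safe only because the input is short */
    printf("4095 bytes accepted: %s\n", demo_fits(4095) ? "yes" : "no");
    printf("4096 bytes accepted: %s\n", demo_fits(4096) ? "yes" : "no");
    return 0;
}
```

The example treats the whole 4096 bytes as the destination; the advisory's note that 4090 bytes already overwrote the stack suggests the real buffer held other content before the argument was copied, so the safe limit in ldlogger would be lower than the one computed here. Building with `-fstack-protector` makes the unchecked copy abort on overflow instead of continuing, which is a useful detection aid but not a substitute for the bound check.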

Impact

Exploitation of this vulnerability leads to a buffer overflow, which commonly results in arbitrary code execution or a crash of the program.

Reproduction

The vulnerability can be reproduced by using the CodeChecker log command with a specially crafted payload that exceeds the buffer size. The example provided in the advisory illustrates this by generating a payload of 4090 bytes of 'A' characters, which is then sent as part of the command's arguments, overwriting the stack.

Remediation

Users can upgrade to CodeChecker version 6.26.2 or later to address this vulnerability.

Added: Oct 28, 2025, 7:17 PM
Updated: Oct 28, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.