Aardappel Lobster Memory Corruption Vulnerability in Parsing Component
Vulnerability
A memory corruption vulnerability has been identified in Aardappel Lobster versions through 2025.4. The issue arises in the Parsing component, specifically within the 'lobster::Parser::ParseStatements' function in 'dev/src/lobster/parser.h'. This vulnerability leads to a segmentation fault, and can only be exploited in a local environment. The problem has been publicly disclosed and a patch is available.
Impact
Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the Lobster compiler.
Reproduction
The vulnerability can be reproduced by building Lobster with release optimization and AddressSanitizer (ASan) enabled. After compiling the program, it can be run with a specific input file that triggers the segmentation fault. The ASan report will confirm the occurrence of the segmentation fault during the parsing phase, specifically in the 'ParseStatements' function.
Remediation
Users are advised to apply the available patch to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.