Main Vulnerability Database Vulnerabilities #VU110231

#VU110231 Resource exhaustion in llvm-project - CVE-2024-31852

Published: June 6, 2025

Vulnerability identifier: #VU110231

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-31852

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
llvm-project

Software vendor:
llvm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to LLVM generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://bugs.chromium.org/p/llvm/issues/detail?id=69
https://github.com/llvm/llvm-project/issues/80287
https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
https://llvm.org/docs/Security.html

#VU110231 Resource exhaustion in llvm-project - CVE-2024-31852

Description

Remediation

External links

Please verify you're human