Main Vulnerability Database Vulnerabilities #VU110231

Resource exhaustion in llvm-project - CVE-2024-31852

Published: June 6, 2025

Vulnerability identifier: #VU110231

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-31852

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: llvm

Affected software:
llvm-project

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to LLVM generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

How to mitigate CVE-2024-31852

Install updates from vendor's website.

Sources

https://bugs.chromium.org/p/llvm/issues/detail?id=69
https://github.com/llvm/llvm-project/issues/80287
https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
https://llvm.org/docs/Security.html

Resource exhaustion in llvm-project - CVE-2024-31852

Detailed vulnerability description

How to mitigate CVE-2024-31852

Sources

Please verify you're human