{"id":"CVE-2023-46046","details":"An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.","modified":"2026-04-12T04:43:58.605700Z","published":"2024-03-27T05:15:47.440Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/176817/MiniZinc-2.7.6-Null-Pointer.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2024/Jan/63"},{"type":"WEB","url":"https://www.minizinc.org/doc-2.8.3/en/changelog.html"},{"type":"REPORT","url":"https://github.com/MiniZinc/libminizinc/issues/730"},{"type":"FIX","url":"https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/MiniZinc/libminizinc","events":[{"introduced":"0"},{"fixed":"9825543b954b44e22796435c7cb5d6175c61e73d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.8.0"}]}},{"type":"GIT","repo":"https://github.com/minizinc/libminizinc","events":[{"introduced":"0"},{"fixed":"afe67acc20898e4308044b54c4acf7a08df544f0"}]}],"versions":["2.3.2","2.4.0","2.4.1","2.4.2","2.4.3","2.5.0","2.5.1","2.5.2","2.5.3","2.5.4","2.5.5","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6"],"database_specific":{"vanir_signatures":[{"id":"CVE-2023-46046-195d7ec0","digest":{"function_hash":"159590740340000452732262534981804183081","length":98565},"source":"https://github.com/minizinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0","signature_version":"v1","deprecated":false,"target":{"file":"lib/cached/parser.tab.cpp","function":"yyparse"},"signature_type":"Function"},{"id":"CVE-2023-46046-a0280504","digest":{"line_hashes":["167444289913573133685966991372426766369","227359875495467566515814932557538062278","132834595847346884134415873557772924078","212052678522255194554286315934808054551"],"threshold":0.9},"source":"https://github.com/minizinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0","signature_version":"v1","deprecated":false,"target":{"file":"lib/cached/minizinc/parser.tab.hh"},"signature_type":"Line"},{"id":"CVE-2023-46046-f19cae67","digest":{"line_hashes":["41369065801590403269906737208850996398","84639051280245143182487291506865029567","88831857541686223655775384410224509636","29788272144588850750790521257997831469","65953240008922408744975366050469705913","194902177327681595906293300957327175187","321726944488414938937236818439797269311","74408590284288045621468674470769726929","190785362618558146174239490815472598991","161054580274919064923016919248248711619","280972103494769796408790227200336550712","18929638329477058610622327411255628791","258460756245294186982921129748524689996","294370449508251006315805282116966768052","170036041616572126979934469388462053108","316694081653274257039217420712638013632","301331582935591007316349784446201624218","177555665236374530356549710959988516031","39295001753975040280676401660365104050","311635377005071468461238029123663755362","117461885306581428731817391884801819647","45917267265216056889723379451273852978","17111940671096972159995597137631669063","260594255980853277635968285979043987865","69363431614542846440484001487235006399","206948501526446472025097525196671947535","254361570570497497527013019823809489774","56591572742291160689104061616845588079","43504413001548766722419025265785619427","224780550542474184625043385183471122678","51258068744588929289588256643792774524","157081061823268993074703469094558229227","332952702350119608573661281360037026039","75371541750965716469696684487812808863","228680930735472739690839937753259620903","31315197848273929974663041131885236087","216759392842887517145479237546130640647","7233954429818631762915381835423485474","222350020895404273038760093246340328442","244168271120825028748466918671510230690","159959174165739556755347064397969785975","53798922902014749551966515573245783144","234062167746465853055411668689880957911","160168573013239698978859236503969769203","137579360068289266050907038953244593234","193623568742956280627308585925713556575","15759415080462533118847889156214297478","250763282015289041075648265787129704761","134532282538045021463534472218718841307","23642512701749557984363462054946274611","94049078293870957827826825344595154263","57985313113529399166318260389037113590","59706010452658294402835189109421832021","256343149231915714309498639226919921486","218320800388276786321256411469118515546","37418208057866818200058451214337556424","197424378134357073608792666914626012499","270295676649660158781444853821125886664","296843742657829073350481657900982479240","164875458048634174415285026066977530221","242066986833660769389092137482038572482","283836394131288505848475398719408013020","74885928932266890615964729240996373905","256277689921976399787532524150970765189","35693664933994284966072325117552565191","290506845872674798837648409172968209027","88725728513588148086316230493760326341","170681101782046499617668993207389649051","104654296546687839702316264618827785496","56652161144252534625893705154388080637","214998861572524700175324239366276883529","36560362495012508543802721715767890950","130122756278653784452488057466444812255","314748519954244922452058435063506579685","269784016094134734714357397449764500325","19389138591779042675232159058545339870","211173301070780988958537606669982661544","205883834189780796022821879963011495823","155164511983102518791222725789714126229","32031887654878380170407920519568008460","213779906473000638225248476655811746118","45518235937195246500577188613191985253","244450394497772056553261055806822918675","114157767592540271182824911472243912014","198381103706871106531379277445898789917","1052971075786539073382618223055561036","131046071533067513573234803522517392473","171842729700691442959511059551645154026","257982387284681616183193468363924254931","15964621542304313828938720948276779526","182455744724091352154369498990829978623","163982949295352918240561588742047160585","260698026398619067810547356808365363685","261899878899617730477796494522264615190","119495794154887678031550949610491845345","335864894448455592458186378803667142095","316800954449641388405885276633232020867","89673146456975126961422362379448206304","85947529958514961560909604093731886058","70917739768347892542604309502316669755","40777926033625760668798855901867558182","128834431998584363915040246702701264310","268186480471805449360204131409120046738","138903224664380221035873767091242203264","25460645954299546711727239181346707893","89274748540208599521362757378863156729","8718118797877545136290908165870987518","179867630456076424820647693270575810822","96018945627245244555292621643247254317","275131538313268929428371877738677751048","309358220781534799462427654130468081665","91054831130069154327966572809408892836","24318593522926258979277796029516965623","140086335266839773736110601454928507724","168190064959368942887984669589440274811","244740901344147452473703470914041718367","34853182246595222796671774703907405947","82748448440847949842506146033685566813","137745792902776862316089199283994998184","303300271905933523413324737677673920789","109230968158685521799417652091374015860","262422971398096261401700918602626845200","269510757545028000419404439762959345004","267278881641819382382121443507997908694","247669413298622779163661569763130524329","312017874112491867501779243143870333444","308771551375094063721232777543102044165","338031839983178561694616232047612924005","246439284457754208857600325111436101186","43285605412294943292676412447662902358","31274333051030425907217906675957764898","208717321199676627155766451405502357643","265576705375355427806783350990559584819","42304067819266643369039444425063026144","10357074755913404668717680804918753291","69219389879462809441340018005768678995","234348066782585771442255046074695787711","54696987633383465529271193699215625818","124098945537153094511926169103803499515","248880072638558267596945258697411843636","213520353821480763639565760416388167401","269995976985365901351798244085620379535","47284540294555277187101979024181587450","90812767123752633418242422656691742197","93427993567673174674193645511535616986","118065945752963473844314016255375936511","21565495363664125343307141349870040824","150659049349685717218099346576698575029","127801058425096127633591160028778155840","199747410189045804685868900632365697316","242260075932521645223654022716697339736","101346658826082231423960715090915738453","302464345214251270246443568354719649472","110011425718716598903787763275826626212","61844543366106668088049362906378178121","179895787905852355892987873248606014671","301546774401043248909458109944242174897","221803064513515771769950401930497807060","140815055795280208342316543841338940669","44403749126086856481201066594220368341","154469177339254498995958323006016215104","260534414723396157840981691837176548093","129337702605510020788464130679825114840","144932157185171698529478508024396015037","126245379755028923764819174792293519105","77739720519487195663325805592488307521","42593858122898733513961850609318908819","185412360411463989169016157975386071521","195097956260694796614071150504151451093","134968358678690528830091703969571476993","43100725037534229107016566892822446235","83235850110935263887470584630143935752","202263727467553425505019724529395781202","304171727850572819450536778850275420076","298940693928643446051647778602184421483","40935043220874060154693092761831092562","56051090132475558697361661306778978626","280228597026676356878928373295723812049","48329021962610584708915471693097439699","175892161835812072445126895908556076351","188549309119421715576838691540503798404","312918762362966371319061654283086752956","319233659206275043634053803000736062458","11612438668100904239345173708499498195","188549309119421715576838691540503798404","39024908166297745837503104564799229654","267392471599754681009231649297418508970","250152639638542655872435390223857284125","83235850110935263887470584630143935752","149270505400330317660676458585212305612","235891726004802467203362006741789915976","230165638804928127660925702073334322947","15093640924989620956452056524667464312","164740001121337559264048021004648813717","164141830577845597210366036011903622421","292307720721997020840457333498563829388","165856717588611431740581714735217192260","302456030599770476054806319644446176275","198486110167179032569153173514502592945","128214726557409196679047582049558729300","145993388120402724760095721195709882259","242271764196249463547578302234953388729","46307830208531824994643387572173072996","28607302686802921913624556858684196257","327697813895689478451740957616126627062","184778322025917355418401094688161757713","291564172418996685813427781331066585179","108602260167450531073446995501323470760","228438386276306049485934415340712051757","297688171939831102507590916355388235156","254160931706493746989157138991581995631","22816037547853088647154121046896574249","236685893735518257546635793399615436170","340097661717038815871611085739662085277","78781262507713101040057114012313787037","197295882091164715998734837614283824837"],"threshold":0.9},"source":"https://github.com/minizinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0","signature_version":"v1","deprecated":false,"target":{"file":"lib/cached/parser.tab.cpp"},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46046.json","vanir_signatures_modified":"2026-04-12T04:43:58Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}