Use After Free Affecting microsoft.z3.x64 package, versions [,4.8.10)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
Exploit Maturity
Proof of concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DOTNET-MICROSOFTZ3X64-1063225
- published 21 Jan 2021
- disclosed 21 Jan 2021
- credit Unknown
How to fix?
Upgrade Microsoft.Z3.x64 to version 4.8.10 or higher.
Overview
Microsoft.Z3.x64 is a satisfiability modulo theories solver from Microsoft Research.
Affected versions of this package are vulnerable to Use After Free in src/ast/ast.h which can be triggered via the proof function.