Safety vulnerability ID: 79853
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the codechecker package are vulnerable to a stack-based buffer overflow. The internal ldlogger library, which CodeChecker's log command invokes, copies user-controlled strings into a fixed 4096-byte stack-allocated buffer with strcpy() and performs no bounds check, so an excessively long argument overruns the buffer. A local attacker who can pass crafted command-line parameters or environment variables to CodeChecker log can overflow the buffer and crash the process, with limited potential for data exposure or modification within the process context.
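The following C program is an added illustration of the bug class described above; it is not the ldlogger source and the function names (copy_argument_unsafe, copy_argument_checked, handle_argument, make_argument) are hypothetical. It places the unbounded strcpy() pattern next to a hardened copy routine that measures the input against the destination size and rejects anything that does not fit, then feeds constructed arguments of 16, 4095, 4096 and 65536 bytes through the hardened path.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_BUF_SIZE 4096   /* same size as the buffer the advisory describes */

/* Vulnerable pattern (constructed illustration, not the ldlogger source):
 * an unbounded strcpy() of attacker-controlled text into a fixed stack
 * buffer. Any argument of LOG_BUF_SIZE bytes or more overruns buf. */
size_t copy_argument_unsafe(const char *arg)
{
    char buf[LOG_BUF_SIZE];
    strcpy(buf, arg);                 /* no bound: stack overflow on long input */
    return strlen(buf);
}

/* Hardened form: look for the terminating NUL only within the first
 * out_size bytes of the input, reject the argument if there is none
 * (it needs len + 1 bytes, which cannot fit), and only then copy.
 * Nothing is ever silently truncated. */
int copy_argument_checked(const char *arg, char *out, size_t out_size)
{
    const char *nul = memchr(arg, '\0', out_size);
    if (nul == NULL) {                /* no NUL within out_size: too long */
        errno = E2BIG;
        return -1;
    }
    memcpy(out, arg, (size_t)(nul - arg) + 1);   /* includes the NUL */
    return 0;
}

/* Mirrors a per-argument handler: 0 if the argument was accepted,
 * -1 if it was rejected as too long for the fixed buffer. */
int handle_argument(const char *arg)
{
    char buf[LOG_BUF_SIZE];
    return copy_argument_checked(arg, buf, sizeof buf);
}

/* Build a constructed test argument of n 'A' bytes (caller frees). */
char *make_argument(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    size_t sizes[] = { 16, LOG_BUF_SIZE - 1, LOG_BUF_SIZE, 65536 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        char *arg = make_argument(sizes[i]);
        if (arg == NULL) return 1;
        printf("%6zu-byte argument: %s\n", sizes[i],
               handle_argument(arg) == 0 ? "accepted"
                                         : "rejected (would overflow)");
        free(arg);
    }
    /* The unsafe path is only exercised with an input that fits. */
    printf("unsafe copy of short input: %zu bytes\n",
           copy_argument_unsafe("--help"));
    return 0;
}
```

The boundary worth checking is the 4095-byte argument: it is the longest input the 4096-byte buffer can hold with its terminator, and the hardened routine accepts it while rejecting 4096 bytes, which strcpy() would have written one byte past the end of the buffer before anything longer made the overrun obvious.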
Latest version: 6.26.0
CodeChecker is an analyzer tooling, defect database and viewer extension