{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2644", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-17T20:39:31.868Z", "datePublished": "2026-02-18T07:02:06.761Z", "dateUpdated": "2026-02-23T10:17:07.282Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:17:07.282Z"}, "title": "niklasso minisat DIMACS File SolverTypes.h value out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "niklasso", "product": "minisat", "versions": [{"version": "2.0", "status": "affected"}, {"version": "2.1", "status": "affected"}, {"version": "2.2.0", "status": "affected"}], "modules": ["DIMACS File Parser"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-21T17:40:35.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346406", "name": "VDB-346406 | niklasso minisat DIMACS File SolverTypes.h value out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346406", "name": "VDB-346406 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.752775", "name": "Submit #752775 | niklasso minisat master-branch Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/niklasso/minisat/issues/55", "tags": ["issue-tracking"]}, {"url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/niklasso/minisat/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T20:27:11.270693Z", "id": "CVE-2026-2644", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:27:18.841Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2644", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T20:27:11.270693Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:27:15.318Z"}}], "cna": {"title": "niklasso minisat DIMACS File SolverTypes.h value out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "niklasso", "modules": ["DIMACS File Parser"], "product": "minisat", "versions": [{"status": "affected", "version": "2.0"}, {"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.2.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-17T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-21T17:40:35.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346406", "name": "VDB-346406 | niklasso minisat DIMACS File SolverTypes.h value out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346406", "name": "VDB-346406 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.752775", "name": "Submit #752775 | niklasso minisat master-branch Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/niklasso/minisat/issues/55", "tags": ["issue-tracking"]}, {"url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/niklasso/minisat/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:17:07.282Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2644", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:17:07.282Z", "dateReserved": "2026-02-17T20:39:31.868Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-18T07:02:06.761Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:minisat:minisat:*:*:*:*:*:*:*:*", "matchCriteriaId": "596B266D-925F-4C87-8D27-C24D786332DA", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se ha identificado una debilidad en niklasso minisat hasta 2.2.0. Este problema afecta a la funci\u00f3n Solver::value en la biblioteca core/SolverTypes.h del componente DIMACS File Parser. Esta manipulaci\u00f3n del \u00edndice de la variable del argumento con la entrada 2147483648 causa una lectura fuera de l\u00edmites. El ataque debe ser lanzado localmente. El exploit se ha puesto a disposici\u00f3n del p\u00fablico y podr\u00eda ser usado para ataques. El proyecto fue informado del problema tempranamente a trav\u00e9s de un informe de problema pero no ha respondido a\u00fan."}], "id": "CVE-2026-2644", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-18T07:16:11.230", "references": [{"source": "cna@vuldb.com", "tags": ["Product", "Vendor Advisory"], "url": "https://github.com/niklasso/minisat/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/niklasso/minisat/issues/55"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346406"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346406"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.752775"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "minisat", "source": "cna", "vendor": "niklasso"}, "product": "minisat", "vendor": "niklasso"}], "analysis": {"en": {"generated_at": "2026-04-17T18:47:02.702373+00:00", "value": {"mitigation_remediation": ["Upgrade MiniSat to a version newer than 2.2.0 once the vendor releases a patch that adds bounds checking to Solver::value.", "If an upgrade is not immediately possible, apply a local code change that validates the index against the size of the internal array before performing the read, thereby preventing out\u2011of\u2011bounds access.", "Restrict the ability of local users to invoke the vulnerable parsing routine by tightening file permissions or running the parser under a dedicated service account with minimal privileges."], "summary": {"action": "Assess Impact", "impact": "Local Information Disclosure"}, "threat_synthesis": {"affected_systems": "The issue affects all builds of niklasso MiniSat up to and including version 2.2.0. Users deploying MiniSat for local SAT solving tasks on their own machines\u2014in particular those parsing user\u2011supplied DIMACS files\u2014are therefore potentially impacted.", "description_and_impact": "A flaw in the MiniSat DIMACS file parser allows a local attacker to supply an index value of 2147483648 to the Solver::value function, which then performs an out\u2011of\u2011bounds read. The vulnerability does not provide direct code execution but can leak contents of the process memory, potentially revealing sensitive information. The weakness is a classic out\u2011of\u2011bounds read, classified as CWE\u2011119, CWE\u2011125, and CWE\u2011787.", "risk_and_exploitability": "The CVSS score is 4.8, indicating moderate severity, while the EPSS score is less than 1%, showing a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers must have local access to the system to exploit the read, and publicly available proof\u2011of\u2011concept code exists. Consequently, the risk is moderate for environments where MiniSat is used with untrusted inputs, but overall exploitation likelihood remains low."}}}}, "created": "2026-02-18T10:32:33.809986+00:00", "updated": "2026-04-17T19:00:10.999770+00:00", "vendors": ["niklasso", "niklasso$PRODUCT$minisat"]}