{
  "version": "1",
  "package": [
    {
      "name": "llvm-native",
      "layer": "meta",
      "version": "18.1.6",
      "products": [
        {
          "product": "llvm",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2023-26924",
          "summary": "LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes \"Language front-ends ... for which a malicious input file can cause undesirable behavior.\"",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-26924"
        },
        {
          "id": "CVE-2023-29932",
          "summary": "llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29932"
        },
        {
          "id": "CVE-2023-29933",
          "summary": "llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29933"
        },
        {
          "id": "CVE-2023-29934",
          "summary": "llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29934"
        },
        {
          "id": "CVE-2023-29935",
          "summary": "llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && \"operation was already replaced.",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29935"
        },
        {
          "id": "CVE-2023-29939",
          "summary": "llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29939"
        },
        {
          "id": "CVE-2023-29941",
          "summary": "llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29941"
        },
        {
          "id": "CVE-2023-29942",
          "summary": "llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-29942"
        },
        {
          "id": "CVE-2024-0151",
          "summary": "Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.",
          "scorev2": "0.0",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0151"
        }
      ]
    }
  ]
}