CVE-2026-2644
Received Received - Intake
Out-of-Bounds Read in niklasso minisat DIMACS Parser

Publication date: 2026-02-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2644
EUVD
EUVD-2026-7650
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
minisat minisat to 2.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2644 is a heap-buffer-overflow vulnerability in the MiniSat SAT solver, specifically in the function Solver::value within the DIMACS File Parser component.

The issue arises when MiniSat parses a crafted DIMACS input file containing an excessively large variable index, such as 2147483648 (2^31), which exceeds the maximum signed 32-bit integer limit (2,147,483,647).

This causes an integer overflow that wraps the variable index to a negative number (-2147483648). Since MiniSat stores variable indices as signed 32-bit integers, the negative index is used to access the assigns array, leading to an out-of-bounds read (buffer underflow) on the heap.

This vulnerability is confirmed by AddressSanitizer reports showing a read violation one byte before the allocated heap region, and it can be triggered by running MiniSat with a specially crafted DIMACS file containing the large variable index.

Impact Analysis

This vulnerability can cause out-of-bounds heap reads leading to heap buffer underflow, which may result in software crashes or instability.

Because the issue affects software availability, an attacker with local access could exploit this vulnerability to disrupt the normal operation of MiniSat.

The exploit requires local access and is considered easy to perform, with a proof-of-concept publicly available.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by running MiniSat with AddressSanitizer (ASAN) enabled and providing a specially crafted DIMACS input file containing an excessively large variable index such as 2147483648. The ASAN tool will report a heap-buffer-overflow during execution, indicating the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'To detect the issue, you can build MiniSat in Release mode with ASAN enabled and then run it with a crafted DIMACS file containing the large variable index. The ASAN output will show a read violation one byte before the allocated heap region, confirming the vulnerability.'}, {'type': 'paragraph', 'content': 'Example steps to detect the vulnerability:'}, {'type': 'list_item', 'content': 'Build MiniSat with ASAN enabled (e.g., using Clang with -fsanitize=address).'}, {'type': 'list_item', 'content': 'Create a DIMACS file with a line containing the large variable index, e.g., "2147483648 3 -1 0".'}, {'type': 'list_item', 'content': 'Run MiniSat with the crafted DIMACS file as input.'}, {'type': 'list_item', 'content': 'Observe ASAN reports for heap-buffer-overflow errors related to Solver::value function.'}] [1, 3]

Mitigation Strategies

Immediate mitigation steps are limited because no official fix or response has been provided by the project maintainers.

It is recommended to restrict local access to the MiniSat software to trusted users only, as the attack requires local execution.

Consider replacing the affected MiniSat version (up to 2.2.0) with an alternative SAT solver that is not vulnerable.

Avoid processing untrusted or crafted DIMACS input files that could trigger the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2644. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart