CVE-2025-40843

Summary

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.

CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command.

This issue affects CodeChecker: through 6.26.1.

Affected Software

VendorProductVersion RangeStatus
EricssonCodeChecker0 <= 6.26.1affected

Weaknesses

  • CWE-121: CWE-121 Stack based buffer overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References