Hi,
I believe I have identified a memory safety issue in libucl related to macro parsing.
The issue appears to be an out-of-bounds read in the function ucl_parse_macro_value when handling malformed or incomplete macro input (e.g., .load().
Initial testing indicates this may lead to a heap-buffer-overflow detected with AddressSanitizer.
I would prefer to disclose full technical details, proof-of-concept, and reproduction steps privately to follow responsible disclosure practices.
Could you please provide a secure contact method (email or preferred channel) for reporting this issue?
Thanks.
Hi,
I believe I have identified a memory safety issue in libucl related to macro parsing.
The issue appears to be an out-of-bounds read in the function ucl_parse_macro_value when handling malformed or incomplete macro input (e.g., .load().
Initial testing indicates this may lead to a heap-buffer-overflow detected with AddressSanitizer.
I would prefer to disclose full technical details, proof-of-concept, and reproduction steps privately to follow responsible disclosure practices.
Could you please provide a secure contact method (email or preferred channel) for reporting this issue?
Thanks.