Medium severity5.5NVD Advisory· Published Mar 27, 2024· Updated Apr 15, 2026

CVE-2023-46046

Description

An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.

Patches

9825543b954b

https://github.com/MiniZinc/libminizincvia osv

afe67acc2089

https://github.com/MiniZinc/libminizincvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

packetstormsecurity.com/files/176817/MiniZinc-2.7.6-Null-Pointer.htmlnvd
seclists.org/fulldisclosure/2024/Jan/63nvd
github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0nvd
github.com/MiniZinc/libminizinc/issues/730nvd
www.minizinc.org/doc-2.8.3/en/changelog.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000