CVE-2025-40843: 
Python vulnerability analysis and mitigation

CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability (CVE-2024-40843) in the internal ldlogger library, which is executed by the CodeChecker log command. The vulnerability was discovered and disclosed on September 22, 2025, affecting the CodeChecker package distributed via pip. The issue has been patched in version 6.26.2 (GitHub Advisory).

The vulnerability stems from unsafe usage of strcpy() function in the internal ldlogger library. The destination buffer is stack-allocated with a fixed size of 4096 bytes, while strcpy() is called without any length checks, enabling an attacker to overrun the buffer. The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Moderate) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating local attack vector with low complexity and no required privileges or user interaction (GitHub Advisory).

Any environment where the vulnerable CodeChecker log command is executed with untrusted user input is affected by this vulnerability. The successful exploitation could lead to buffer overflow, potentially allowing attackers to execute arbitrary code or cause system crashes (GitHub Advisory).

Users should upgrade to CodeChecker version 6.26.2 or later which contains the fix for this vulnerability. The fix involves replacing unsafe strcpy() calls with safe_strcpy() that includes proper buffer size checks (GitHub Commit).