Login Sign Up

CVE-2019-1010038

9.8 CRITICAL
Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

CVE-2019-1010038 is a buffer overflow vulnerability in OpenModelica OMCompiler that allows attackers to execute arbitrary code or cause denial of service by manipulating the OPENMODELICAHOME environment variable. This affects users running vulnerable versions of OpenModelica where the environment variable can be controlled by an attacker.

💻 Affected Systems

Products:
  • OpenModelica OMCompiler
Versions: Versions prior to v1.14.0
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when OPENMODELICAHOME environment variable can be modified by untrusted users.

📦 What is this software?

Omcompiler by Openmodelica

View all CVEs affecting Omcompiler →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the OpenModelica process, potentially leading to full system compromise.

🟠

Likely Case

Denial of service through application crashes, with potential for limited code execution in specific configurations.

🟢

If Mitigated

No impact if environment variable manipulation is prevented through proper access controls.

🌐 Internet-Facing: MEDIUM - Requires ability to set environment variables on target system, which typically requires some level of access.
🏢 Internal Only: HIGH - Internal users with ability to set environment variables could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to set environment variables on the target system, which typically requires some level of access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.14.0 and later

Vendor Advisory: https://trac.openmodelica.org/OpenModelica/ticket/4787

Restart Required: Yes

Instructions:

1. Download OpenModelica v1.14.0 or later from official repository. 2. Uninstall previous version. 3. Install patched version. 4. Restart system or services using OpenModelica.

🔧 Temporary Workarounds

Restrict Environment Variable Access

all

Prevent untrusted users from modifying OPENMODELICAHOME environment variable

export OPENMODELICAHOME=/safe/path (Linux)
set OPENMODELICAHOME=C:\safe\path (Windows)

Run with Limited Privileges

linux

Execute OpenModelica with minimal necessary permissions

sudo -u restricted_user openmodelica

🧯 If You Can't Patch

  • Restrict access to OpenModelica to trusted users only
  • Implement strict environment variable controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check OpenModelica version: omc --version. If version is earlier than 1.14.0, system is vulnerable.

Check Version:

omc --version

Verify Fix Applied:

After patching, verify version is 1.14.0 or later and test with controlled environment variable changes.

📡 Detection & Monitoring

Log Indicators:

  • OpenModelica process crashes
  • Unusual environment variable modifications

Network Indicators:

  • Not network exploitable - local vulnerability

SIEM Query:

Process:omc AND (EventID:1000 OR EventID:1001) OR EnvironmentVariable:OPENMODELICAHOME modified

📊 Metadata

CVE ID: CVE-2019-1010038
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: July 15, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-1010038, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)