A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.
To mitigate this issue, applications utilizing libucl should avoid processing untrusted input that contains keys with embedded null bytes, especially when operating in UCL_PARSER_ZEROCOPY mode. Restricting input to trusted sources can reduce exposure.