Description
A vulnerability classified as problematic has been found in GNU Bison up to 3.8.2. Affected is the function code_free of the file src/scan-code.c. The manipulation leads to a double free. The attack requires local access. The exploit has been disclosed to the public and may be used.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-8734
- https://github.com/akimd/bison/issues/115
- https://drive.google.com/file/d/123Qe44FaC-GP88dWNl9-6H4jLWUcXYNZ/view?usp=drive_link
- https://vuldb.com/?ctiid.319230
- https://vuldb.com/?id.319230
- https://vuldb.com/?submit.622300
- https://www.gnu.org
- https://www.openwall.com/lists/oss-security/2025/10/27/12
Related vulnerabilities
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
A vulnerability in the GNU Bison general-purpose parser generator, related to improper restriction of operations within the bounds of a memory buffer, allowing an attacker to cause a denial of service