Описание
A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-8733
- https://github.com/akimd/bison/issues/113
- https://github.com/akimd/bison/issues/114
- https://vuldb.com/?ctiid.319229
- https://vuldb.com/?id.319229
- https://vuldb.com/?submit.622298
- https://vuldb.com/?submit.622299
- https://www.gnu.org
- https://www.openwall.com/lists/oss-security/2025/10/27/12
Связанные уязвимости
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
Уязвимость универсального генератора парсеров GNU Bison, связанная с использованием функции assert() или похожего оператора, позволяющая нарушителю вызвать отказ в обслуживании
