CVE-2025-67873

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 4.8

CVSS3: 7.8

EPSS Низкий

Описание

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.

Ссылки

https://github.com/capstone-engine/capstone/commit/cbef767ab33b82166d263895f24084b75b316df3
Patch
https://github.com/capstone-engine/capstone/security/advisories/GHSA-hj6g-v545-v7jg
Exploit
Vendor Advisory
https://github.com/capstone-engine/capstone/security/advisories/GHSA-hj6g-v545-v7jg
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:capstone-engine:capstone:*:*:*:*:*:*:*:*

Версия до 6.0.0 (исключая)

cpe:2.3:a:capstone-engine:capstone:6.0.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:capstone-engine:capstone:6.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:capstone-engine:capstone:6.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:capstone-engine:capstone:6.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:capstone-engine:capstone:6.0.0:alpha5:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00015

Низкий

4.8 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122

Связанные уязвимости

CVE-2025-67873

CVSS3: 4.8

ubuntu

около 2 месяцев назад

CVE-2025-67873

CVSS3: 4.8

debian

около 2 месяцев назад

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prio ...

SUSE-SU-2026:0060-1

suse-cvrf

около 1 месяца назад

Security update for capstone

EPSS

Процентиль: 2%

0.00015

Низкий

4.8 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122