Description
[REJECTED CVE] A buffer overflow vulnerability was found in GNU bison in src/symtab.c. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash.
Report
Please note that this CVE has been rejected upstream.
Mitigation
This flaw can be mitigated by not supplying untrusted input to be processed by GNU Bison.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bison | Out of support scope | | |
| Red Hat Enterprise Linux 6 | bison | Out of support scope | | |
| Red Hat Enterprise Linux 7 | bison | Will not fix | | |
| Red Hat Enterprise Linux 8 | bison | Will not fix | | |
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
A buffer overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash.
5.5 Medium
CVSS3