Описание
[REJECTED CVE] An assertion failure flaw was found in GNU bison in src/parse-gram.c. A local attacker may execute bison with crafted input file containing character '' at the end and while still in a character or a string.
Отчет
This flaw does not affect bison as shipped in Red Hat Enterprise Linux 7 or 8 as it is was introduced in a subsequent version of bison. Also, please note that this CVE has been rejected Upstream.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bison | Out of support scope | ||
| Red Hat Enterprise Linux 6 | bison | Out of support scope | ||
| Red Hat Enterprise Linux 7 | bison | Not affected | ||
| Red Hat Enterprise Linux 8 | bison | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with crafted input file containing character '\' at the end and while still in a character or a string.
5.5 Medium
CVSS3