Описание
A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.
A flaw was found in bison. The __obstack_vprintf_internal function in obprintf.c contains an issue where manipulation can lead to a reachable assertion, allowing a local attacker to trigger an assertion failure. This condition is exploitable via crafted input. The primary consequence of this vulnerability is an application level denial of service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | bison | Fix deferred | ||
| Red Hat Enterprise Linux 6 | bison | Out of support scope | ||
| Red Hat Enterprise Linux 7 | bison | Out of support scope | ||
| Red Hat Enterprise Linux 8 | bison | Out of support scope | ||
| Red Hat Enterprise Linux 9 | bison | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.
A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.
A flaw has been found in GNU Bison up to 3.8.2. This affects the funct ...
A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
3.3 Low
CVSS3