Описание
Security update for capstone
This update for capstone fixes the following issues:
Security issues fixed:
- CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow (bsc#1255309).
- CVE-2025-68114: unchecked
vsnprintfreturn value can lead to a stack buffer overflow (bsc#1255310).
Other updates and bugfixes:
- Enable static library, and add
libcapstone-devel-staticsubpackage.
Список пакетов
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Server Applications 15 SP7
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2026:0060-1
- E-Mail link for SUSE-SU-2026:0060-1
- SUSE Security Ratings
- SUSE Bug 1255309
- SUSE Bug 1255310
- SUSE CVE CVE-2025-67873 page
- SUSE CVE CVE-2025-68114 page
Описание
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2025-67873
- SUSE Bug 1255309
Описание
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream's index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.
Затронутые продукты
Ссылки
- CVE-2025-68114
- SUSE Bug 1255310