CVE-2020-24240

Опубликовано: 25 авг. 2020

Источник: ubuntu

Приоритет: low

CVSS2: 7.1

CVSS3: 5.5

Описание

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	2:3.8.2+dfsg-1build1
esm-infra-legacy/trusty	DNE
esm-infra/bionic	needed
esm-infra/focal	needed
esm-infra/xenial	needed
focal	ignored	end of standard support, was needed
groovy	ignored	end of life
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Ссылки на источники

7.1 High

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-24240

CVSS3: 5.5

redhat

больше 5 лет назад

CVE-2020-24240

CVSS3: 5.5

nvd

больше 5 лет назад

CVE-2020-24240

CVSS3: 5.5

debian

больше 5 лет назад

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...

GHSA-5xv5-wxfg-845r

github

больше 3 лет назад

GNU Bison 3.7 has a use after free (UAF) vulnerability. A local attacker may execute bison with crafted input file containing a NULL byte, which could triggers UAF and thus cause system crash.

7.1 High

CVSS2

5.5 Medium

CVSS3

CVE-2020-24240

Описание

Пакет bison

Ссылки на источники

Связанные уязвимости