Vulnerabilities for Bison (...) - CXSECURITY.COM

Vulnerabilities for 'Bison'

2020-09-04

CVE-2020-24980

CWE-20

An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with crafted input file containing character '\' at the end and while still in a character or a string.

CVE-2020-24979

CWE-787

A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with crafted input file redefining the EOF token, which could triggers Heap buffer overflow and thus cause system crash.

2020-08-25

CVE-2020-24240

CWE-416

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

2020-06-15

CVE-2020-14150

NVD-CWE-noinfo

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).

>>> Vendor: GNU 108 Products

Data display debugger

Realtime linux security module

Gnutls libtasn1

See all Products for Vendor GNU

Copyright 2024, cxsecurity.com