CVE-2020-36404

2021-07-0103:15:07

Google

osv.dev

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.

CPENameOperatorVersion
keystoneeq0.9.2-rc1.post2
keystoneeq0.9.1
keystoneeq0.9.2-rc1.post1
keystoneeq0.9.2
keystoneeq0.9.2-rc1
keystoneeq0.9

Name	Operator	Version
keystone	eq	0.9.2-rc1.post2
keystone	eq	0.9.1
keystone	eq	0.9.2-rc1.post1
keystone	eq	0.9.2
keystone	eq	0.9.2-rc1
keystone	eq	0.9

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=22371

github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-1506.yaml

github.com/keystone-engine/keystone/releases