CVE-2020-36405

2021-07-0103:15:07

Google

osv.dev

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.8%

Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.

CPENameOperatorVersion
keystoneeq0.9.2-rc1.post2
keystoneeq0.9.1
keystoneeq0.9.2-rc1.post1
keystoneeq0.9.2
keystoneeq0.9.2-rc1
keystoneeq0.9

Name	Operator	Version
keystone	eq	0.9.2-rc1.post2
keystone	eq	0.9.1
keystone	eq	0.9.2-rc1.post1
keystone	eq	0.9.2
keystone	eq	0.9.2-rc1
keystone	eq	0.9

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850

github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-789.yaml

github.com/keystone-engine/keystone/releases