capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

Important: Red Hat Security Advisory: capstone security update

An update for capstone is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

capstone security update

4.0.2-11 - Fix CVE-2025-68114 memory corruption and CVE-2025-67873 heap buffer overflow Resolves: RHEL-137758...

Oracle Linux 9 : capstone (ELSA-2026-4898)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4898 advisory. 4.0.2-11 - Fix CVE-2025-68114 memory corruption and CVE-2025-67873 heap buffer overflow Resolves: RHEL-137758 Tenable has extracted the preceding...

ALSA-2026:4898 Important: capstone security update

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Security Fixes: capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via...

RHEL 9 : capstone (RHSA-2026:4898)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4898 advisory. Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security...

TencentOS Server 4: capstone (TSSA-2026:0098)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0098 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2 : capstone, --advisory ALAS2-2026-3133 (ALAS-2026-3133)

The version of capstone installed on the remote host is prior to 3.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3133 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds- checked, so a user-provide...

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path...

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path...

Amazon Linux 2023 : capstone, capstone-devel, capstone-java (ALAS2023-2026-1372)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1372 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds- checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24...

Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow

...

Photon OS 5.0: Capstone PHSA-2026-5.0-0732

An update of the capstone package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0732. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Capstone PHSA-2026-4.0-0938

An update of the capstone package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0938. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

openSUSE Security Advisory (SUSE-SU-2026:0060-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15: capstone / capstone-doc / libcapstone-devel / libcapstone4 / etc (SUSE-SU-2026:0060-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0060-1 advisory. Security issues fixed: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap...

Security update for capstone

This update for capstone fixes the following issues: Security issues fixed: CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow bsc1255309. CVE-2025-68114: unchecked vsnprintf return value can lead to a stack buffer overflow bsc1255310. Other...

SUSE-SU-2026:0060-1 Security update for capstone

This update for capstone fixes the following issues: Security issues fixed: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow bsc1255309. - CVE-2025-68114: unchecked vsnprintf return value can lead to a stack buffer overflow bsc1255310...

SUSE-SU-2026:20054-1 Security update for capstone

This update for capstone fixes the following issues: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow bsc1255309. - CVE-2025-68114: unchecked vsnprintf return value can lead to a stack buffer overflow bsc1255310...

CVE-2025-67873

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...