Advisory ROSA-SA-2026-3229

software: capstone 4.0.2 OS: ROSA-CHROME unaffected versions = capstone-4.0.2-2 affected versions capstone-4.0.2.2-2 CVE-ID: CVE-2025-67873 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: Capstone is a disassembler framework. In versions up to and including 6.0.0.0-Alpha5, skipdata length was not checked...

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path...

Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow

...

SUSE CVE-2025-67873

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

CVE-2025-67873

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

AZL-74915 CVE-2025-67873 affecting package rust 1.90.0-3

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

UBUNTU-CVE-2025-67873

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

CVE-2025-67873 Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

CVE-2025-67873 Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

CVE-2025-67873

Capstone CVE-2025-67873 affects the disassembly framework in 6.0.0-Alpha5 and earlier. A missing bounds check on a user-provided skipdata callback allows memcpy beyond 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. The exploit path and impact are described in...

CVE-2025-67873 Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

Capstone 安全漏洞

Capstone is a cross-platform disassembly framework from Capstone, Inc. that supports use for binary analysis and reverse engineering of secure communications, among other things. A security vulnerability exists in Capstone 6.0.0-Alpha5 and earlier versions, which stems from Skipdata length not...