11 matches found
Astra Linux - уязвимость в bison
GNU Bison before version 3.5.4 allowed attackers to cause a denial of service application crash. NOTE: There is only a risk if Bison is used with untrusted inputs, and a reported bug could lead to unsafe behavior with a specific compiler/architecture. The bug reports were intended to indicate tha...
JLSEC-2026-117
GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...
EUVD-2020-6307
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-24240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if...
CVE-2025-8734
A flaw was found in bison. The codefree function in src/scan-code.c is susceptible to a double-free condition due to improper memory management, allowing a local attacker to trigger a memory corruption issue. This manipulation occurs when processing specially crafted input, resulting in a potenti...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion via the handleactiondollar function in scan-code.l. An attacker can cause a reachable assertion failure by providing crafted input to this function, potentially leading to a denial of service on the local system...
CVE-2025-8733
A flaw has been found in GNU Bison up to 3.8.2. This affects the function obstackvprintfinternal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this...
CVE-2025-8733
...
CVE-2025-8733
CVE-2025-8733 entry is withdrawn/not an active vulnerability per NVD: the CNA withdrew it and analysis showed the referenced stack-trace files do not exist in GNU Bison; other connected records describe related discussions but do not establish an exploitable issue for this CVE.
PT-2025-32389 · Gnu +1 · Gnu Bison +1
Name of the Vulnerable Software and Affected Versions: GNU Bison versions through 3.8.2 Description: A problematic vulnerability has been found in GNU Bison. The issue affects the code free function within the src/scan-code.c file, leading to a double free condition. The attack requires local...
DEBIAN-CVE-2020-14150
GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...