Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2020/09/10 12:42 p.m.29 views

CVE-2020-24979

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none Mitigation This flaw...

6.4AI score
Exploits0References3
CNVD
CNVD
added 2020/09/07 12:0 a.m.3 views

GNU bison buffer overflow vulnerability

GNU Bison is free software for the automatic generation of syntax parser programs. A buffer overflow vulnerability exists in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker can exploit this vulnerability via specially crafted input files to cause a system crash...

7.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/08/26 2:38 p.m.28 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

7.1CVSS0.9AI score0.01265EPSS
Exploits0References3
CNVD
CNVD
added 2020/08/26 12:0 a.m.3 views

GNU Bison Post-Release Reuse Vulnerability

GNU Bison is free software for the automatic generation of syntax parser programs. A post-release reuse vulnerability exists in GNU Bison 3.7. A local attacker can cause a system crash by exploiting this vulnerability via a specially crafted input file containing NULL bytes...

7.1CVSS6.7AI score0.01265EPSS
Exploits0References1
OSV
OSV
added 2020/08/25 2:15 p.m.22 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

5.5CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2020/08/25 2:15 p.m.4 views

ALPINE-CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

5.5CVSS7.1AI score0.01265EPSS
Exploits0References1
NVD
NVD
added 2020/08/25 2:15 p.m.13 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

7.1CVSS5.4AI score0.01265EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/08/25 2:15 p.m.42 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

7.1CVSS6.1AI score0.01265EPSS
Exploits0References2
OSV
OSV
added 2020/08/25 2:15 p.m.2 views

UBUNTU-CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

5.5CVSS6.1AI score0.01265EPSS
Exploits0References3
Prion
Prion
added 2020/08/25 2:15 p.m.19 views

Design/Logic Flaw

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

7.1CVSS5.4AI score0.01265EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/08/25 1:45 p.m.24 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

5.3AI score0.01265EPSS
Exploits0References3
CVE
CVE
added 2020/08/25 1:45 p.m.94 views

CVE-2020-24240

CVE-2020-24240 concerns GNU Bison before 3.7.1, which contains a use-after-free in _obstack_free (lib/obstack.c) when a NULL byte is encountered during gram_lex. The risk is limited to cases where Bison processes untrusted input, and the observed behavior was primarily a crash in Bison itself, no...

7.1CVSS5.3AI score0.01265EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2020/08/25 1:45 p.m.28 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

7.1CVSS5.7AI score0.01265EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2020/08/25 12:0 a.m.24 views

Use After Free

GNU Bison has a use-after-free in obstackfree in lib/obstack.c called from gramlex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was...

7.1CVSS0.6AI score0.01265EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/06/16 5:25 p.m.21 views

CVE-2020-14150

GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...

5.5CVSS2.6AI score0.00401EPSS
Exploits0References3
CNVD
CNVD
added 2020/06/16 12:0 a.m.7 views

GNU Bison Denial of Service Vulnerability

GNU Bison is free software for the automatic generation of syntax parser programs. A denial of service vulnerability exists in GNU Bison versions prior to 3.5.4. An attacker could exploit this vulnerability to cause the application to crash...

5.5CVSS6.4AI score0.00401EPSS
Exploits0References1
OSV
OSV
added 2020/06/15 5:15 p.m.7 views

CVE-2020-14150

GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...

5.5CVSS5.4AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/06/15 5:15 p.m.26 views

CVE-2020-14150

GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...

5.5CVSS6.1AI score0.00401EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/06/15 5:15 p.m.51 views

CVE-2020-14150

GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...

5.5CVSS3.5AI score0.00401EPSS
Exploits0
Prion
Prion
added 2020/06/15 5:15 p.m.21 views

Input validation

GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...

2.1CVSS5.4AI score0.00401EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder