Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3644
HistoryJul 16, 2008 - 12:00 a.m.

Berkeley Yacc (byacc) 'skeleton.c'本地拒绝服务漏洞

2008-07-1600:00:00
Root
www.seebug.org
16
JSON

BUGTRAQ ID: 30233
CNCAN ID:CNCAN-2008071604

Berkeley Yacc是一款用于生成编译器的编译器。
Berkeley Yacc (byacc) 'skeleton.c’存在越界访问,本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。
在减少规则和yacc堆栈指针指向分配栈中很后面的位置时,通过$$ = $1行为可导致内存越界访问而造成应用程序崩溃。

Robert Corbett Berkeley Yacc (byacc) 20070509
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.0
OpenBSD OpenBSD 4.3
OpenBSD OpenBSD 4.2
OpenBSD OpenBSD 4.1
OpenBSD OpenBSD 4.0
OpenBSD OpenBSD 3.9
OpenBSD OpenBSD 3.8
OpenBSD OpenBSD 3.7
OpenBSD OpenBSD 3.6
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD -current

OpenBSD’s CVS已经修正此漏洞:
<a href=“http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&amp;r2=1.29” target=“_blank”>http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&amp;r2=1.29</a>

JSON