system/bison: CVE-2020-24240: UAF in _obstack_free
Bugzilla ID | 353
Alias(es)   | CVE-2020-24240
Reporter    | Max Rees (sroracle)
Assignee    | Max Rees (sroracle)
Reported    | 2020-09-04 16:42:29 -0500
Modified    | 2020-09-22 22:39:10 -0500
Status      | RESOLVED FIXED
Version     | 1.0-RC1
Hardware    | Adélie Linux / All
Importance  | --- / normal
Package(s)  | system/bison
URL         | https://nvd.nist.gov/vuln/detail/CVE-2020-24240
Description
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in
lib/obstack.c (called from gram_lex) when a '\0' byte is encountered.
NOTE: there is a risk only if Bison is used with untrusted input, and
the observed bug happens to cause unsafe behavior with a specific
compiler/architecture. The bug report was intended to show that a
crash may occur in Bison itself, not that a crash may occur in code
that is generated by Bison.
Fixed upstream in bison >= 3.7.1: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d