CVE-2020-24240: system/bison: UAF in _obstack_free
|Reporter||Max Rees (sroracle)|
|Assignee||Max Rees (sroracle)|
|Reported||2020-09-04 16:42:29 -0500|
|Modified||2020-09-22 22:39:10 -0500|
|Hardware||Adélie Linux / All|
|Importance||--- / normal|
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in
lib/obstack.c (called from gram_lex) when a '\0' byte is encountered.
NOTE: there is a risk only if Bison is used with untrusted input, and
the observed bug happens to cause unsafe behavior with a specific
compiler/architecture. The bug report was intended to show that a
crash may occur in Bison itself, not that a crash may occur in code
that is generated by Bison.