CVE-2020-24240 - GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obsta - CVEs Blog

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a ” byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24240

Reference (s):

https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d
https://github.com/akimd/bison/compare/v3.7 v3.7.1
https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html

CVE-2020-24240 – GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obsta

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-26934 - phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the trans

CVE-2020-26296 - Vega is a visualization grammar, a declarative format for creating, savin

Categories

Partners

Just add here your partners image or promo text