{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-31T02:52:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/akimd/bison/compare/v3.7...v3.7.1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d", "refsource": "MISC", "url": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d"}, {"name": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html", "refsource": "MISC", "url": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html"}, {"name": "https://github.com/akimd/bison/compare/v3.7...v3.7.1", "refsource": "MISC", "url": "https://github.com/akimd/bison/compare/v3.7...v3.7.1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/akimd/bison/compare/v3.7...v3.7.1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24240", "datePublished": "2020-08-25T13:45:01", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:12:08.957Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:bison:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "0838D60C-79CC-4AC7-A390-DB27DCA03303", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison."}, {"lang": "es", "value": "GNU Bison versi\u00f3n 3.7, presenta una vulnerabilidad de uso de la memoria previamente liberada (UAF). Un atacante local puede ejecutar bison con un archivo de entrada dise\u00f1ado que contiene un byte NULL, lo que podr\u00eda desencadenar un UAF y, por lo tanto, causar un bloqueo del sistema"}], "id": "CVE-2020-24240", "lastModified": "2024-11-21T05:14:32.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-25T14:15:16.543", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/akimd/bison/compare/v3.7...v3.7.1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/akimd/bison/compare/v3.7...v3.7.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "bison: use-after-free via crafted input file containing a NULL byte can lead to DoS", "id": "1872737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872737"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison."], "name": "CVE-2020-24240", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2020-07-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-24240\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24240"], "statement": "bison as shipped in Red Hat Enterprise Linux 7 and 8 does not reproduce this flaw. It properly detects the NULL byte and errors out accordingly instead of causing use-after-free. This is likely due to introduction of vulnerable code in a more recent version of bison.", "threat_severity": "Moderate", "upstream_fix": "bison 3.7.1"}