CVE-2020-14150

Published: 6/15/2020 Last updated: 8/4/2024 Reserved: 6/15/2020

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-bison

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 0.9.0

References (4)

https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
https://bugs.gentoo.org/717936
https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
https://bugs.gentoo.org/717936