PT-2020-13895 · Gnu+2 · Gnu Bison+2

Sam James

Published

2020-06-15

Updated

2023-03-01

CVE-2020-14150

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Bison versions prior to 3.5.4

Description The issue allows attackers to cause a denial of service, resulting in an application crash. This can occur when GNU Bison is used with untrusted input and a specific bug happens to cause unsafe behavior with a certain compiler or architecture. The bug reports indicate that the crash may occur in Bison itself.

Recommendations For versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of untrusted input with GNU Bison until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2021-1649

CVE-2020-14150

MGASA-2021-0023

Affected Products

Alt Linux

Astra Linux

Gnu Bison

PT-2020-13895 · Gnu+2 · Gnu Bison+2

CVE-2020-14150

Related Identifiers

Affected Products

References · 13