PT-2020-15669 · Gnu · Gnu Bison

Suhwan Song · Published 2020-08-25 · Updated 2022-07-22 · CVE-2020-24240

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: GNU Bison versions prior to 3.7.1

Description: The issue arises from a use-after-free in obstack_free in lib/obstack.c, which is called from gram_lex, when a '\0' byte is encountered. It poses a risk only if GNU Bison is run on untrusted input, and the observed bug causes unsafe behavior only with a specific compiler or architecture. The bug report indicates that a crash may occur in GNU Bison itself.

Recommendations: For GNU Bison versions prior to 3.7.1, update to version 3.7.1 or later to resolve the issue. As a temporary workaround, avoid running GNU Bison on untrusted input until a patch is available.

Weakness Enumeration

Use After Free

Related Identifiers

CVE-2020-24240
OESA-2022-1767

Affected Products

Gnu Bison