ByteOS Network

Bison

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-8734

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.01% / 1.83%

7 Day CHG~0.00%

Published-08 Aug, 2025 | 18:02

Updated-19 Aug, 2025 | 05:15

GNU Bison scan-code.c code_free double free

A vulnerability has been found in GNU Bison up to 3.8.2. This impacts the function code_free of the file src/scan-code.c. The manipulation leads to double free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.

Vendor-GNU

Product-Bison

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-415

Double Free

CVE-2025-8733

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.01% / 1.83%

7 Day CHG~0.00%

Published-08 Aug, 2025 | 17:32

Updated-19 Aug, 2025 | 05:15

GNU Bison obprintf.c __obstack_vprintf_internal assertion

A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.

Vendor-GNU

Product-Bison

CWE ID-CWE-617

Reachable Assertion