Bison
Monthly
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.