GNU Bison before 3.7.1 has a use-after-free in obstackfree in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.
"2026-07-08T17:56:40Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24240.json"
[
{
"id": "CVE-2020-24240-85d57cd5",
"digest": {
"line_hashes": [
"152892177091449443900596977177214106375",
"110470093975942762776580447940415453127",
"8556976720912662219078527567889747895"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d",
"deprecated": false,
"target": {
"file": "src/flex-scanner.h"
}
}
]