OESA-2022-1767

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1767
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1767.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-1767
Upstream
Published
2022-07-22T11:04:00Z
Modified
2025-09-03T06:17:03.129755Z
Summary
bison security update
Details

Bison is a general-purpose parser generator that converts an annotated context-free grammar into a deterministic LR or generalized LR (GLR) parser employing LALR(1) parser tables. As an experimental feature, Bison can also generate IELR(1) or canonical LR(1) parser tables. Once you are proficient with Bison, you can use it to develop a wide range of language parsers, from those used in simple desk calculators to complex programming languages.

Security Fix(es):

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. (CVE-2020-24240)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / bison

Package

Name
bison
Purl
pkg:rpm/openEuler/bison&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe1

Ecosystem specific

{
    "src": [
        "bison-3.6.4-2.oe1.src.rpm"
    ],
    "noarch": [
        "bison-help-3.6.4-2.oe1.noarch.rpm"
    ],
    "x86_64": [
        "bison-3.6.4-2.oe1.x86_64.rpm",
        "bison-devel-3.6.4-2.oe1.x86_64.rpm",
        "bison-lang-3.6.4-2.oe1.x86_64.rpm",
        "bison-debugsource-3.6.4-2.oe1.x86_64.rpm",
        "bison-debuginfo-3.6.4-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "bison-debuginfo-3.6.4-2.oe1.aarch64.rpm",
        "bison-debugsource-3.6.4-2.oe1.aarch64.rpm",
        "bison-lang-3.6.4-2.oe1.aarch64.rpm",
        "bison-devel-3.6.4-2.oe1.aarch64.rpm",
        "bison-3.6.4-2.oe1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-1767.json"

openEuler:20.03-LTS-SP3 / bison

Package

Name
bison
Purl
pkg:rpm/openEuler/bison&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-3.oe1

Ecosystem specific

{
    "src": [
        "bison-3.6.4-3.oe1.src.rpm"
    ],
    "noarch": [
        "bison-help-3.6.4-3.oe1.noarch.rpm"
    ],
    "x86_64": [
        "bison-debuginfo-3.6.4-3.oe1.x86_64.rpm",
        "bison-devel-3.6.4-3.oe1.x86_64.rpm",
        "bison-3.6.4-3.oe1.x86_64.rpm",
        "bison-lang-3.6.4-3.oe1.x86_64.rpm",
        "bison-debugsource-3.6.4-3.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "bison-debuginfo-3.6.4-3.oe1.aarch64.rpm",
        "bison-3.6.4-3.oe1.aarch64.rpm",
        "bison-debugsource-3.6.4-3.oe1.aarch64.rpm",
        "bison-devel-3.6.4-3.oe1.aarch64.rpm",
        "bison-lang-3.6.4-3.oe1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-1767.json"