oss-sec mailing list archives
CVE id request: byacc
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 15 Jul 2008 13:47:32 +0200
Hello, there is already for a long time known possible out of allocated stack bounds access in yacc. Description of problem: ======================= Otto Moerbeck has reported the following potential out of bounds of the allocated stack access in the yacc binary: Fix an venerable bug: if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action. Detected by my new malloc, experienced by sturm@ on sparc64; ok deraadt@ Public mention of this issue: ============================= http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2 Proposed OpenBSD patch: ======================= http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29 Steve, could you please allocate a CVE identifier, we could use for future references to this one? Thank you in advance! Kind regards Jan iankko Lieskovsky RH Security Response Team
Current thread:
- CVE id request: byacc Jan Lieskovsky (Jul 15)
- Re: CVE id request: byacc Steven M. Christey (Jul 16)