oss-sec mailing list archives

Re: CVE id request: byacc

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 16 Jul 2008 13:48:55 -0400 (EDT)


======================================================
Name: CVE-2008-3196
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3196
Reference: MLIST:[openbsd-cvs] 20080708 CVS: cvs.openbsd.org: src
Reference: URL:http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2
Reference: MLIST:[openbsd-cvs] 20080708 Re: CVS: cvs.openbsd.org: src
Reference: URL:http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2

skeleton.c in yacc does not properly handle reduction of a rule with
an empty right hand side, which allows context-dependent attackers to
cause an out-of-bounds stack access when the yacc stack pointer points
to the end of the stack.

Current thread:

CVE id request: byacc Jan Lieskovsky (Jul 15)
- Re: CVE id request: byacc Steven M. Christey (Jul 16)