oss-sec mailing list archives
Re: CVE id request: byacc
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 16 Jul 2008 13:48:55 -0400 (EDT)
====================================================== Name: CVE-2008-3196 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3196 Reference: MLIST:[openbsd-cvs] 20080708 CVS: cvs.openbsd.org: src Reference: URL:http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2 Reference: MLIST:[openbsd-cvs] 20080708 Re: CVS: cvs.openbsd.org: src Reference: URL:http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2 skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.
Current thread:
- CVE id request: byacc Jan Lieskovsky (Jul 15)
- Re: CVE id request: byacc Steven M. Christey (Jul 16)