CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
openeulerbyacc
𝑥
< 1.9.20200330
openeulerbyacc
2.0 ≤
𝑥
< 2.0.20210808
𝑥
= Vulnerable software versions
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
byacc
Amazon Linux 2023
0:2.0.20210109-2.amzn2023.0.3
fixed
byacc-debuginfo
Amazon Linux 2023
0:2.0.20210109-2.amzn2023.0.3
fixed
byacc-debugsource
Amazon Linux 2023
0:2.0.20210109-2.amzn2023.0.3
fixed