CVE-2025-67873
EUVD-2025-20399617.12.2025, 22:16
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| capstone-engine | capstone | 𝑥 < 6.0.0 |
| capstone-engine | capstone | 6.0.0:alpha1 |
| capstone-engine | capstone | 6.0.0:alpha2 |
| capstone-engine | capstone | 6.0.0:alpha3 |
| capstone-engine | capstone | 6.0.0:alpha4 |
| capstone-engine | capstone | 6.0.0:alpha5 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| capstone |
| ||||
| capstone-debuginfo |
| ||||
| capstone-debugsource |
| ||||
| capstone-devel |
| ||||
| capstone-java |
| ||||
| python2-capstone |
| ||||
| python3-capstone |
| ||||
| python3-capstone-debuginfo |
|