CVE-2025-8733

A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
bison
bullseye
unimportant
forky
unimportant
sid
unimportant
bookworm
unimportant
trixie
unimportant
Common Weakness Enumeration
References
https://github.com/akimd/bison/issues/113
https://github.com/akimd/bison/issues/114
https://vuldb.com/?ctiid.319229
https://vuldb.com/?id.319229
https://vuldb.com/?submit.622298
https://vuldb.com/?submit.622299
https://www.gnu.org/