Candidate: CVE-2020-14150
PublicDate: 2020-06-15 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14150
 https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
Description:
 GNU Bison before 3.5.4 allows attackers to cause a denial of service
 (application crash). NOTE: there is a risk only if Bison is used with
 untrusted input, and an observed bug happens to cause unsafe behavior with
 a specific compiler/architecture. The bug reports were intended to show
 that a crash may occur in Bison itself, not that a crash may occur in code
 that is generated by Bison.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.gentoo.org/717936
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_bison:
upstream_bison: released (2:3.6.1+dfsg-1)
precise/esm_bison: DNE
trusty_bison: ignored (out of standard support)
trusty/esm_bison: DNE
xenial_bison: ignored (end of standard support, was needs-triage)
esm-infra/xenial_bison: needs-triage
bionic_bison: needs-triage
eoan_bison: ignored (reached end-of-life)
focal_bison: needs-triage
groovy_bison: not-affected (2:3.6.1+dfsg-2)
hirsute_bison: not-affected (2:3.6.1+dfsg-2)
impish_bison: not-affected (2:3.6.1+dfsg-2)
jammy_bison: not-affected (2:3.6.1+dfsg-2)
devel_bison: not-affected (2:3.6.1+dfsg-2)