CVE-2020-14150

Priority
Description
GNU Bison before 3.5.4 allows attackers to cause a denial of service
(application crash). NOTE: there is a risk only if Bison is used with
untrusted input, and an observed bug happens to cause unsafe behavior with
a specific compiler/architecture. The bug reports were intended to show
that a crash may occur in Bison itself, not that a crash may occur in code
that is generated by Bison.
Notes
Package
Source: bison (LP Ubuntu Debian)
Upstream: released (2:3.6.1+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 20.04 LTS (Focal Fossa): needs-triage
Ubuntu 20.10 (Groovy Gorilla): not-affected (2:3.6.1+dfsg-2)
More Information

Updated: 2020-09-09 23:35:24 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)