Bug 1176283 (CVE-2020-24980) - VUL-1: CVE-2020-24980: bison: An assertion failure was found in src/parse-gram.c
Summary: VUL-1: CVE-2020-24980: bison: An assertion failure was found in src/parse-gram.c
Status: RESOLVED INVALID
Alias: CVE-2020-24980
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/266746/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-24980:3.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-08 15:27 UTC by Robert Frohl
Modified: 2024-05-09 19:05 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Robert Frohl 2020-09-08 15:27:51 UTC
CVE-2020-24980

An assertion failure was found in src/parse-gram.c in GNU bison
3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file
containing the character '\' at the end and while still in a character or a string.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24980
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24980.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24980
https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8
https://lists.gnu.org/r/bug-bison/2020-08/msg00009.html
Comment 1 Robert Frohl 2020-09-08 15:32:11 UTC
Does not affect the current versions in SLE12, SLE15 or Tumbleweed.
Comment 2 Camila Camargo de Matos 2024-05-09 19:05:55 UTC
It also seems like this CVE is now REJECTED. See [0]. I will be closing this bug as INVALID, due to this and due to information in comment #2.

[0] https://nvd.nist.gov/vuln/detail/CVE-2020-24980