CVE-2025-8734 | THREATINT

Description

A vulnerability classified as problematic has been found in GNU Bison up to 3.8.2. Affected is the function code_free of the file src/scan-code.c. The manipulation leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Es wurde eine problematische Schwachstelle in GNU Bison bis 3.8.2 entdeckt. Es betrifft die Funktion code_free der Datei src/scan-code.c. Durch Beeinflussen mit unbekannten Daten kann eine double free-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-08-08 | Published 2025-08-08 | Updated 2025-08-08 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

Double Free

Memory Corruption

Product status

3.8.0

affected

3.8.1

affected

3.8.2

affected

Timeline

2025-08-08:	Advisory disclosed
2025-08-08:	VulDB entry created
2025-08-08:	VulDB entry last update

References

vuldb.com/?id.319230 (VDB-319230 | GNU Bison scan-code.c code_free double free) vdb-entry technical-description

vuldb.com/?ctiid.319230 (VDB-319230 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.622300 (Submit #622300 | GNU Bison Bison the newest master(2ceaf03-Jul10 in https://cgit.git.savannah.gnu.org/cgit/bison.git) Memory Corruption Vulnerability (Double Free)) third-party-advisory

github.com/akimd/bison/issues/115 issue-tracking

drive.google.com/...88dWNl9-6H4jLWUcXYNZ/view?usp=drive_link exploit

www.gnu.org/ product

cve.org (CVE-2025-8734)

nvd.nist.gov (CVE-2025-8734)

Download JSON