Vulnerabilities > CVE-2008-3196 - Resource Management Errors vulnerability in Yacc
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.
Common Weakness Enumeration (CWE)
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-07-17 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3196 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
References
- http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2
- http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2
- http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2
- http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2
- http://secunia.com/advisories/31073
- http://secunia.com/advisories/31073
- http://www.vupen.com/english/advisories/2008/2151/references
- http://www.vupen.com/english/advisories/2008/2151/references