Vulnerabilities > CVE-2008-3196 - Resource Management Errors vulnerability in Yacc

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

yacc

CWE-399

NVD

Published: 2008-07-16

Updated: 2012-11-27

Summary

skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.

Vulnerable Configurations

Part	Description	Count
Application	Yacc Yacc Yacc *	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Statements

contributor	Mark J Cox
lastmodified	2008-07-17
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3196 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Statements

References