7.8
CVE-2025-67873
- EPSS 0.02%
- Veröffentlicht 17.12.2025 21:12:13
- Zuletzt bearbeitet 02.01.2026 18:39:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Capstone-engine ≫ Capstone Version < 6.0.0
Capstone-engine ≫ Capstone Version6.0.0 Updatealpha1
Capstone-engine ≫ Capstone Version6.0.0 Updatealpha2
Capstone-engine ≫ Capstone Version6.0.0 Updatealpha3
Capstone-engine ≫ Capstone Version6.0.0 Updatealpha4
Capstone-engine ≫ Capstone Version6.0.0 Updatealpha5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.037 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 4.8 | 1.3 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().