9.8
CVE-2025-68114
- EPSS 0.04%
- Published 17.12.2025 21:14:31
- Last modified 02.01.2026 18:33:09
- Source security-advisories@github.com
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.
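The defensive pattern for the flaw described above, as an added sketch that is not Capstone's code and not the fix commit: the formatter's return value is accepted only when it is non-negative and smaller than the remaining room. `stream_t`, `stream_concat_checked`, `STREAM_CAP` and the three formatter callbacks are hypothetical names constructed for this example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STREAM_CAP 64 /* assumed buffer size for this sketch */

typedef int (*fmt_fn)(char *, size_t, const char *, va_list);
typedef struct { char buf[STREAM_CAP]; int index; } stream_t; /* hypothetical */

/* Append formatted text. The unchecked pattern is `s->index += n;` with no
 * validation of n; here n is trusted only if 0 <= n < remaining room. */
static int stream_concat_checked(stream_t *s, fmt_fn f, const char *fmt, ...)
{
    if (s->index < 0 || s->index >= STREAM_CAP)
        return -1;                       /* invariant already broken */
    size_t room = (size_t)(STREAM_CAP - s->index);
    va_list ap;
    va_start(ap, fmt);
    int n = f(s->buf + s->index, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {    /* error, truncation, or bogus value */
        s->buf[s->index] = '\0';         /* drop the append, keep old contents */
        return -1;
    }
    s->index += n;
    return 0;
}

/* Constructed formatters: one honest, two that return out-of-range values. */
static int honest_fmt(char *b, size_t n, const char *f, va_list ap)
{ return vsnprintf(b, n, f, ap); }
static int neg_fmt(char *b, size_t n, const char *f, va_list ap)
{ (void)b; (void)n; (void)f; (void)ap; return -1000; }
static int huge_fmt(char *b, size_t n, const char *f, va_list ap)
{ (void)b; (void)n; (void)f; (void)ap; return 1 << 20; }

int main(void)
{
    stream_t s = { {0}, 0 };
    int a = stream_concat_checked(&s, honest_fmt, "mov %s, %d", "eax", 7);
    int b = stream_concat_checked(&s, neg_fmt, "x");
    int c = stream_concat_checked(&s, huge_fmt, "x");
    printf("%d %d %d index=%d buf=\"%s\"\n", a, b, c, s.index, s.buf);
    return 0;
}
```

The check bounds only the index; it does not constrain what a replaced formatter writes through the pointer it is given.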
Linked by AI from unstructured data to existing NVD CPEs
Data provided by the National Vulnerability Database (NVD)
Capstone-engine ≫ Capstone Version < 6.0.0
Capstone-engine ≫ Capstone Version 6.0.0 Update alpha1
Capstone-engine ≫ Capstone Version 6.0.0 Update alpha2
Capstone-engine ≫ Capstone Version 6.0.0 Update alpha3
Capstone-engine ≫ Capstone Version 6.0.0 Update alpha4
Capstone-engine ≫ Capstone Version 6.0.0 Update alpha5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.111 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| security-advisories@github.com | 4.8 | 1.3 | 3.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-124 Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.