Bug 1877772 (CVE-2020-24979)

Summary: CVE-2020-24979 bison: Buffer overflow in src/symtab.c via crafted input file redefining the EOF token can lead to DoS
Product: [Other] Security Response
Reporter: Michael Kaplan <mkaplan>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: arjun.is, ashankar, emachado, me, pfrankli
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-11-02 17:46:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1877776, 1882044, 1882045
Bug Blocks: 1877775

Description Michael Kaplan 2020-09-10 12:18:40 UTC
A buffer overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash.

References:

https://github.com/akimd/bison/commit/bfd851e2d621734886c66c0af26e861e718510b2
https://lists.gnu.org/r/bug-bison/2020-08/msg00008.html

Comment 1 Michael Kaplan 2020-09-10 12:20:04 UTC
Created bison tracking bugs for this issue:

Affects: fedora-all [bug 1877776]

Comment 6 Todd Cullum 2020-09-23 16:55:33 UTC
Mitigation:

This flaw can be mitigated by not supplying untrusted input to be processed by GNU Bison.
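
The mitigation above amounts to gating what reaches bison. The script below is an added example for this page, not code from GNU Bison, from the bug report or from Red Hat; it turns that gate into a pre-screen for grammar files from untrusted sources. It assumes that "redefining the EOF token" means assigning user token number 0 (the number Bison reserves for the end-of-input token) more than once in the declarations section, and it only looks at `%token` directives; numbers given in `%left`, `%right` or `%precedence` declarations are not covered. The two sample grammars are constructed for the example and are not the reproducer from the report. Passing this check is not a substitute for running a fixed bison release.

```python
"""Heuristic pre-screen for Bison grammar files before handing them to bison.

Refuses a grammar that assigns user token number 0 (the end-of-input token)
more than once.  Added example, not GNU Bison code; the sample grammars below
are constructed, not the CVE reproducer.
"""
import re
import sys
from typing import List, Optional, Tuple

# Alternatives are tried in order, so comments, literals, the %{ ... %} C
# prologue and <type tags> are swallowed before "%token" or "0" inside them
# could be mistaken for a declaration.
_LEXER = re.compile(
    r"""
      (?P<skip>/\*.*?\*/|//[^\n]*                  # C / C++ comments
             |"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])+'  # string and char literals
             |%\{.*?%\}                            # %{ ... %} prologue block
             |<[^>\n]*>)                           # <type tag>
    | (?P<sep>%%)                                  # end of declarations
    | (?P<directive>%[A-Za-z_-]+)                  # %token, %left, %define ...
    | (?P<int>\d+)                                 # user token number
    | (?P<id>[A-Za-z_.][A-Za-z0-9_.]*)             # symbol name
    | (?P<other>\S)                                # punctuation, braces, ...
    """,
    re.S | re.X,
)


def eof_token_assignments(grammar: str) -> List[Tuple[str, int]]:
    """Return (symbol, line) for every %token item declared with number 0.

    Only %token directives before the first %% are examined (assumption: this
    is where a crafted grammar would redefine the EOF token).
    """
    hits: List[Tuple[str, int]] = []
    in_token = False
    pending: Optional[str] = None  # symbol waiting for its optional number
    for m in _LEXER.finditer(grammar):
        kind = m.lastgroup
        if kind == "skip":
            continue
        if kind == "sep":
            break
        if kind == "directive":
            in_token = m.group() == "%token"
            pending = None
        elif kind == "id" and in_token:
            pending = m.group()
        elif kind == "int" and pending is not None:
            if int(m.group()) == 0:
                hits.append((pending, grammar.count("\n", 0, m.start()) + 1))
            pending = None
        else:
            pending = None
    return hits


def redefines_eof_token(grammar: str) -> bool:
    """One '%token END 0' is the ordinary way to name the end token; a second
    assignment of number 0 is treated as a redefinition and refused."""
    return len(eof_token_assignments(grammar)) > 1


# Constructed sample: a single, legitimate naming of the end token.
OK_GRAMMAR = """
%{
/* C prologue: a "%token X 0" here is C text, not a declaration */
#include <stdio.h>
%}
%token <int> NUM 258 "number"
%token END 0 "end of input"
%%
input: NUM END ;
%%
"""

# Constructed sample: two symbols both claim user token number 0.
SUSPICIOUS_GRAMMAR = """
/* a commented-out "%token FAKE 0" must not count */
%token END 0
%token NUM 258
%token STOP 0   // second symbol also claiming number 0
%%
input: NUM END ;
%%
"""

if __name__ == "__main__":
    # Usage: python screen_grammar.py file1.y file2.y ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        verdict = "REFUSE" if redefines_eof_token(text) else "ok"
        print(f"{verdict:6} {path}  number-0 assignments: "
              f"{eof_token_assignments(text)}")
```

Run it over the grammar files in a build pipeline before invoking bison and fail the step on any `REFUSE`; the line numbers it reports point at the competing declarations.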

Comment 7 Red Hat Bugzilla 2023-09-15 00:47:51 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days