GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). Reference: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
Created bison tracking bugs for this issue: Affects: fedora-all [bug 1847609]
Mitigation: To mitigate this flaw, do not use Bison on untrusted input.
The CVE seems to encapsulate several heap buffer overflows and assertion failures found listed as "[bison crash]" on [1]. Most of the issues stem from the same flawed code that is patched in [2]. All issues require untrusted input to be provided to bison, and likely will lead to bison crashing.

1. https://lists.gnu.org/archive/html/bug-bison/2020-03/index.html
2. https://github.com/akimd/bison/commit/641e326303753575664ca146fee7e9148d6bf5cf