GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).
Created bison tracking bugs for this issue:
Affects: fedora-all [bug 1847609]
To mitigate this flaw, do not use Bison on untrusted input.
The CVE seems to encapsulate several heap buffer overflows and assertion failures found listed as "[bison crash]" on . Most of the issues stem from the same flawed code that is patched in . All issues require untrusted input to be provided to bison, and likely will lead to bison crashing.