{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8733", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-08T07:57:05.616Z", "datePublished": "2025-08-08T17:32:06.798Z", "dateUpdated": "2025-08-19T04:27:16.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-19T04:27:16.223Z"}, "title": "GNU Bison obprintf.c __obstack_vprintf_internal assertion", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-617", "lang": "en", "description": "Reachable Assertion"}]}], "affected": [{"vendor": "GNU", "product": "Bison", "versions": [{"version": "3.8.0", "status": "affected"}, {"version": "3.8.1", "status": "affected"}, {"version": "3.8.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in GNU Bison bis 3.8.2 entdeckt. Betroffen davon ist die Funktion __obstack_vprintf_internal der Datei obprintf.c. Dank Manipulation mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-19T06:30:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319229", "name": "VDB-319229 | GNU Bison obprintf.c __obstack_vprintf_internal assertion", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319229", "name": "VDB-319229 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.622298", "name": "Submit #622298 | GNU Bison Bison the newest master(2ceaf03-Jul10 in https://cgit.git.savannah.gnu.org/cgit/bison.git) Assertion Failure", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.622299", "name": "Submit #622299 | GNU Bison Bison the newest master(2ceaf03-Jul10 in https://cgit.git.savannah.gnu.org/cgit/bison.git) Assertion Failure (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/akimd/bison/issues/113", "tags": ["issue-tracking"]}, {"url": "https://github.com/akimd/bison/issues/114", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "tags": ["disputed"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-08T17:47:57.761068Z", "id": "CVE-2025-8733", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T17:52:55.136Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8733", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-08T17:47:57.761068Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T17:48:27.572Z"}}], "cna": {"tags": ["disputed"], "title": "GNU Bison obprintf.c __obstack_vprintf_internal assertion", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "GNU", "product": "Bison", "versions": [{"status": "affected", "version": "3.8.0"}, {"status": "affected", "version": "3.8.1"}, {"status": "affected", "version": "3.8.2"}]}], "timeline": [{"lang": "en", "time": "2025-08-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-19T06:30:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319229", "name": "VDB-319229 | GNU Bison obprintf.c __obstack_vprintf_internal assertion", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319229", "name": "VDB-319229 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.622298", "name": "Submit #622298 | GNU Bison Bison the newest master(2ceaf03-Jul10 in https://cgit.git.savannah.gnu.org/cgit/bison.git) Assertion Failure", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.622299", "name": "Submit #622299 | GNU Bison Bison the newest master(2ceaf03-Jul10 in https://cgit.git.savannah.gnu.org/cgit/bison.git) Assertion Failure (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/akimd/bison/issues/113", "tags": ["issue-tracking"]}, {"url": "https://github.com/akimd/bison/issues/114", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in GNU Bison bis 3.8.2 entdeckt. Betroffen davon ist die Funktion __obstack_vprintf_internal der Datei obprintf.c. Dank Manipulation mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "Reachable Assertion"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-19T04:27:16.223Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8733", "state": "PUBLISHED", "dateUpdated": "2025-08-19T04:27:16.223Z", "dateReserved": "2025-08-08T07:57:05.616Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-08T17:32:06.798Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GNU Bison hasta la versi\u00f3n 3.8.2. Se ha clasificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n __obstack_vprintf_internal del archivo obprintf.c. La manipulaci\u00f3n genera una aserci\u00f3n accesible. Es posible lanzar el ataque contra el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-8733", "lastModified": "2025-08-19T05:15:31.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-08T18:15:29.337", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/akimd/bison/issues/113"}, {"source": "cna@vuldb.com", "url": "https://github.com/akimd/bison/issues/114"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.319229"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.319229"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.622298"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.622299"}, {"source": "cna@vuldb.com", "url": "https://www.gnu.org/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "bison: Bison Assertion Reachability Vulnerability", "id": "2387286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387286"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-617", "details": ["A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.", "A flaw was found in bison. The `__obstack_vprintf_internal` function in `obprintf.c` contains an issue where manipulation can lead to a reachable assertion, allowing a local attacker to trigger an assertion failure. This condition is exploitable via crafted input. The primary consequence of this vulnerability is an application level denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-8733", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bison", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-08-08T17:32:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8733\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8733\nhttps://github.com/akimd/bison/issues/113\nhttps://github.com/akimd/bison/issues/114\nhttps://vuldb.com/?ctiid.319229\nhttps://vuldb.com/?id.319229\nhttps://vuldb.com/?submit.622298\nhttps://vuldb.com/?submit.622299\nhttps://www.gnu.org/"], "threat_severity": "Low"}