Source: capstone Version: 5.0.6-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for capstone. CVE-2025-68114[0]: | Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and | prior, an unchecked vsnprintf return in SStream_concat lets a | malicious cs_opt_mem.vsnprintf drive SStream’s index negative or | past the end, leading to a stack buffer underflow/overflow when the | next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e | fixes the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-68114 https://www.cve.org/CVERecord?id=CVE-2025-68114 [1] https://github.com/capstone-engine/capstone/security/advisories/GHSA-85f5-6xr3-q76r [2] https://github.com/capstone-engine/capstone/commit/2c7797182a1618be12017d7d41e0b6581d5d529e Please adjust the affected versions in the BTS as needed. Regards, Salvatore
