keystone
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Lightweight multi-platform, multi-architecture assembler framework |
Version | 0.9.2-7 [extra] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2117 | 0.9.2-2 | Medium | Vulnerable |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2020-36405 | AVG-2117 | Medium | Yes | Arbitrary code execution | Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. |
CVE-2020-36404 | AVG-2117 | Medium | Yes | Arbitrary code execution | Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1979 | 0.9.2-1 | Medium | Not affected |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-3563 | AVG-1979 | Medium | Yes | Private key recovery | Keystone only verifies part of the secret - the first 72 characters. Additional complexity is ignored, giving users an inflated sense of security. Default... |