{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-11-27T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[openbsd-cvs] 20080708 Re: CVS: cvs.openbsd.org: src", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2"}, {"name": "31073", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31073"}, {"name": "[openbsd-cvs] 20080708 CVS: cvs.openbsd.org: src", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2"}, {"name": "ADV-2008-2151", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2151/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3196", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[openbsd-cvs] 20080708 Re: CVS: cvs.openbsd.org: src", "refsource": "MLIST", "url": "http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2"}, {"name": "31073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31073"}, {"name": "[openbsd-cvs] 20080708 CVS: cvs.openbsd.org: src", "refsource": "MLIST", "url": "http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2"}, {"name": "ADV-2008-2151", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2151/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:28:41.608Z"}, "title": "CVE Program Container", "references": [{"name": "[openbsd-cvs] 20080708 Re: CVS: cvs.openbsd.org: src", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2"}, {"name": "31073", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31073"}, {"name": "[openbsd-cvs] 20080708 CVS: cvs.openbsd.org: src", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2"}, {"name": "ADV-2008-2151", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2151/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3196", "datePublished": "2008-07-16T18:00:00", "dateReserved": "2008-07-16T00:00:00", "dateUpdated": "2024-08-07T09:28:41.608Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yacc:yacc:*:*:*:*:*:*:*:*", "matchCriteriaId": "75F9A64F-F19E-4289-91D1-1E5D08FD264A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack."}, {"lang": "es", "value": "skeleton.c de yacc, no gestiona correctamente la reducci\u00f3n de una regla con la parte derecha vac\u00eda, lo cual permite a los atacantes seg\u00fan contexto provocar un acceso a pila fuera de rango cuando el puntero de yacc stack apunta al final de la pila."}], "id": "CVE-2008-3196", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-16T18:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31073"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2151/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2151/references"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3196\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-07-17T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "byacc: Potential out of bounds of allocated stack access", "id": "455031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=455031"}, "csaw": false, "details": ["skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack."], "name": "CVE-2008-3196", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Will not fix", "package_name": "byacc", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "byacc", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "byacc", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2008-07-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-3196\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-3196"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}