CVE-2025-8733
GNU Bison obprintf.c __obstack_vprintf_internal assertion
Description
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
INFO
Published Date: Aug. 8, 2025, 6:15 p.m.
Last Modified: Nov. 4, 2025, 12:15 a.m.
Remotely Exploitable: No
Source: [email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 2.0 | LOW | | | | [email protected] |
| | CVSS 3.1 | LOW | | | | [email protected] |
| | CVSS 4.0 | MEDIUM | | | | [email protected] |
Solution
- Update GNU Bison to a version later than 3.8.2.
- Review the obprintf.c file for assertion vulnerabilities.
- Apply relevant security patches if the issue is confirmed.
The following table lists the changes that have been made to the CVE-2025-8733 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Rejected by [email protected], Nov. 04, 2025

- CVE Modified by [email protected], Nov. 04, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Tag | VulDB: disputed | |
| Changed | Description | A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container. | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison. |
| Removed | CVSS V4.0 | VulDB: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X | |
| Removed | CVSS V3.1 | VulDB: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | |
| Removed | CVSS V2 | VulDB: (AV:L/AC:L/Au:S/C:N/I:N/A:P) | |
| Removed | CWE | VulDB: CWE-617 | |
| Removed | Reference | VulDB: https://github.com/akimd/bison/issues/113 | |
| Removed | Reference | VulDB: https://github.com/akimd/bison/issues/114 | |
| Removed | Reference | VulDB: https://vuldb.com/?ctiid.319229 | |
| Removed | Reference | VulDB: https://vuldb.com/?id.319229 | |
| Removed | Reference | VulDB: https://vuldb.com/?submit.622298 | |
| Removed | Reference | VulDB: https://vuldb.com/?submit.622299 | |
| Removed | Reference | VulDB: https://www.gnu.org/ | |
| Removed | Reference | CVE: https://www.openwall.com/lists/oss-security/2025/10/27/12 | |

- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Oct. 28, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.openwall.com/lists/oss-security/2025/10/27/12 |

- CVE Modified by [email protected], Aug. 19, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Tag | | disputed |
| Changed | Description | A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container. |

- New CVE Received by [email protected], Aug. 08, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | A vulnerability was found in GNU Bison up to 3.8.2. It has been rated as problematic. This issue affects the function __obstack_vprintf_internal of the file obprintf.c. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. |
| Added | CVSS V4.0 | | AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Added | CVSS V3.1 | | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Added | CVSS V2 | | (AV:L/AC:L/Au:S/C:N/I:N/A:P) |
| Added | CWE | | CWE-617 |
| Added | Reference | | https://github.com/akimd/bison/issues/113 |
| Added | Reference | | https://github.com/akimd/bison/issues/114 |
| Added | Reference | | https://vuldb.com/?ctiid.319229 |
| Added | Reference | | https://vuldb.com/?id.319229 |
| Added | Reference | | https://vuldb.com/?submit.622298 |
| Added | Reference | | https://vuldb.com/?submit.622299 |
| Added | Reference | | https://www.gnu.org/ |