cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-24240,https://securityvulnerability.io/vulnerability/CVE-2020-24240,Use-After-Free Vulnerability in GNU Bison by GNU,"GNU Bison, prior to version 3.7.1, contains a use-after-free vulnerability in the _obstack_free function within lib/obstack.c. This issue arises when a null byte ('\0') is encountered during processing, which may lead to unsafe behavior if Bison is utilized with untrusted input. While the issue primarily manifests as a crash in Bison itself, the specifics may vary depending on the compiler and architecture used. Mitigating actions should be taken when processing potentially malicious data to avoid exploitation of this vulnerability.",Gnu,Bison,5.5,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2020-08-25T13:45:01.000Z,0
CVE-2020-14150,https://securityvulnerability.io/vulnerability/CVE-2020-14150,Denial of Service Vulnerability in GNU Bison by GNU,"A vulnerability in GNU Bison prior to version 3.5.4 allows malicious actors to exploit a flaw that leads to application crashes. This vulnerability materializes only when Bison processes untrusted input, combined with a specific compiler or architecture that triggers the bug. The behavior observed suggests an inherent instability within Bison itself rather than in the output code generated. Users of Bison must exercise caution, especially in environments where untrusted inputs may be encountered.",Gnu,Bison,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-15T16:52:10.000Z,0