CNNVD-202512-3174 Information

CNNVD ID

CNNVD-202512-3174

Related CVE

CVE-2025-68114

• CNNVD Published: 2025-12-17

Description (Chinese)

Capstone是美国Capstone公司的一套跨平台的反汇编框架，它可支持用于二进制分析和安全通讯反向工程等。 Capstone 6.0.0-Alpha5及之前版本存在安全漏洞，该漏洞源于SStream_concat中未检查vsnprintf返回值，可能导致栈缓冲区下溢或溢出。

Description (English)

Capstone is a cross-platform counter-compilation framework for the United States company Capstone that supports, for example, binary analysis and secure communications reverse engineering. There is a security loophole in Capstone 6.0.0-Alpha5 and earlier versions, which stems from the failure to check the return value of vsnprintf in Stream concat, which could lead to spills down or out of the fence.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Capstone

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/capstone-engine/capstone/commit/2c7797182a1618be12017d7d41e0b6581d5d529e https://github.com/capstone-engine/capstone/security/advisories/GHSA-85f5-6xr3-q76r