fix(capstone): CVE-2025-67873, CVE-2025-68114 #2

Merged: Zeno-sole merged 1 commit into master from fix/CVE-2025-67873-multi on Jun 3, 2026

@deepin-ci-robot

Contributor

CVE Security Fixes

This PR fixes the following security vulnerabilities:

CVE-2025-67873 (Medium)

Heap buffer overflow in skipdata handling

In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path.

CVE-2025-68114 (Medium)

Stack buffer underflow/overflow in SStream_concat

In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream's index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs.

Changes

  • Added two security patches to debian/patches/
  • Updated debian/patches/series
  • Updated debian/changelog

Generated-By: glm-5.1
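
The return-value handling that the CVE-2025-68114 description above says was missing, as an added example that is not code from this PR or from capstone. `demo_stream`, `demo_concat` and the two lying formatters are hypothetical stand-ins, and clamping to the remaining space is this example's choice, not necessarily what the upstream patch does.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example; not capstone's SStream or cs_opt_mem. */
typedef int (*demo_vsnprintf_t)(char *, size_t, const char *, va_list);
struct demo_stream {
    char buf[32];
    int index; /* offset of the terminating NUL inside buf */
};

/* Appends formatted text; returns -1 on formatter failure. index stays in [0, sizeof buf - 1]. */
int demo_concat(struct demo_stream *ss, demo_vsnprintf_t vsn, const char *fmt, ...)
{
    size_t room = sizeof(ss->buf) - (size_t)ss->index; /* >= 1 by the invariant */
    va_list ap;

    va_start(ap, fmt);
    int n = vsn(ss->buf + ss->index, room, fmt, ap);
    va_end(ap);
    if (n < 0) {                   /* error, or a formatter that lies */
        ss->buf[ss->index] = '\0'; /* keep the earlier contents terminated */
        return -1;
    }
    if ((size_t)n >= room)         /* truncated output, or an inflated count */
        n = (int)(room - 1);
    ss->index += n;
    ss->buf[ss->index] = '\0';
    return 0;
}

/* Constructed hostile formatters: write nothing and misreport the length. */
int lie_negative(char *s, size_t z, const char *f, va_list a)
{ (void)s; (void)z; (void)f; (void)a; return -100; }
int lie_huge(char *s, size_t z, const char *f, va_list a)
{ (void)s; (void)z; (void)f; (void)a; return 1 << 20; }

/* Runs one formatter against a fresh stream and returns the resulting index. */
int demo_index_after(demo_vsnprintf_t vsn)
{
    struct demo_stream ss = { "", 0 };
    demo_concat(&ss, vsn, "%s", "mov eax, ebx");
    return ss.index;
}

int main(void)
{
    printf("%d %d %d\n", demo_index_after(vsnprintf),
           demo_index_after(lie_negative), demo_index_after(lie_huge));
    return 0;
}
```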

@deepin-ci-robot

Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qaqland for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions


TAG Bot

TAG: 5.0.3-1deepin1
EXISTED: no
DISTRIBUTION: unstable

deepin-ci-robot added a commit that referenced this pull request May 27, 2026
The previous commit truncated changelog from 301 lines to 20 lines.
This commit restores the complete changelog history while keeping
the new CVE fix entry at the top.

Upstream: #2
Generated-By: uos/glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
…underflow

Fix two vulnerabilities in capstone disassembly framework:

CVE-2025-67873: heap buffer overflow in skipdata handling
CVE-2025-68114: stack buffer underflow/overflow in SStream_concat

Upstream: capstone-engine/capstone@53f18b5
Upstream: capstone-engine/capstone@782b475
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
deepin-ci-robot force-pushed the fix/CVE-2025-67873-multi branch from 093b803 to 6a95783 on May 27, 2026 03:25

@hudeng-go

Contributor

/integrate

@github-actions


AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#4086
PrNumber: 4086
PrBranch: auto-integration-26488983124

Zeno-sole merged commit 65b1500 into master on Jun 3, 2026
6 of 9 checks passed