keystone

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Lightweight multi-platform, multi-architecture assembler framework
Version 0.9.2-3 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2117 0.9.2-2 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-36405 AVG-2117 Medium Yes Arbitrary code execution
Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
CVE-2020-36404 AVG-2117 Medium Yes Arbitrary code execution
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1979 0.9.2-1 Medium Not affected
Issue Group Severity Remote Type Description
CVE-2021-3563 AVG-1979 Medium Yes Private key recovery
Keystone only verifies part of the secret - the first 72 characters. Additional complexity is ignored, giving users an inflated sense of security. Default...