keystone

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Lightweight multi-platform, multi-architecture assembler framework
Version	0.9.2-6 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2117	0.9.2-2		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2020-36405	AVG-2117	Medium	Yes	Arbitrary code execution	Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
CVE-2020-36404	AVG-2117	Medium	Yes	Arbitrary code execution	Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1979	0.9.2-1		Medium	Not affected

Issue	Group	Severity	Remote	Type	Description
CVE-2021-3563	AVG-1979	Medium	Yes	Private key recovery	Keystone only verifies part of the secret - the first 72 characters. Additional complexity is ignored, giving users an inflated sense of security. Default...