{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-17T21:14:31Z",
  "bugzilla" : {
    "description" : "capstone: Capstone: Memory corruption via unchecked vsnprintf return",
    "id" : "2423416",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2423416"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.", "A flaw was found in Capstone, a disassembly framework. The return value of vsnprintf is not checked within the SStream_concat function, so a malicious vsnprintf implementation supplied through cs_opt_mem can manipulate the internal stream index. This can lead to a stack buffer underflow or overflow, potentially enabling a local attacker to achieve information disclosure, alter data, or cause a denial of service." ],
  "statement" : "This vulnerability is rated Moderate as an unchecked `vsnprintf` return in Capstone's `SStream_concat` function can lead to stack buffer underflow or overflow. Exploitation requires local access and user interaction. This affects Capstone and other components in Red Hat Enterprise Linux, OpenShift Container Platform, and Community Projects.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6817",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "capstone-0:5.0.1-7.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-03-23T00:00:00Z",
    "advisory" : "RHSA-2026:5224",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "capstone-0:5.0.1-7.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4898",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "capstone-0:4.0.2-11.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:13923",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "capstone-0:4.0.2-5.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-03-19T00:00:00Z",
    "advisory" : "RHSA-2026:5123",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "capstone-0:4.0.2-11.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-03-19T00:00:00Z",
    "advisory" : "RHSA-2026:5125",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "capstone-0:4.0.2-11.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-03-19T00:00:00Z",
    "advisory" : "RHSA-2026:5124",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "capstone-0:4.0.2-11.el9_6"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-01T00:00:00Z",
    "advisory" : "RHSA-2026:12781",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "capstone-main-5.0.7-0.1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "rust",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "ruby:3.3/ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "ruby:3.3/ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "rust",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-68114\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68114\nhttps://github.com/capstone-engine/capstone/commit/2c7797182a1618be12017d7d41e0b6581d5d529e\nhttps://github.com/capstone-engine/capstone/security/advisories/GHSA-85f5-6xr3-q76r" ],
  "name" : "CVE-2025-68114",
  "csaw" : false
}