CVE-2025-67873
Heap Buffer Overflow in Capstone Disassembly Framework Skipdata Handling
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| capstone | disassembly_framework | 6.0.0-alpha5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the Capstone disassembly framework with skipdata enabled and a user-defined skipdata callback that returns a length exceeding the 24-byte buffer size, which triggers the heap buffer overflow. Specifically, running test cases similar to those added in the fix, such as forcing the skipdata path with an invalid opcode (e.g., 0x06 for WASM architecture) and a large buffer (e.g., 1024 bytes), can reveal the overflow. Using tools like AddressSanitizer (ASan) during these tests can detect heap buffer overflows. While no specific network commands are provided, you can run the provided test functions `test_overflow_cs_insn_bytes()` and `test_overflow_cs_insn_bytes_iter()` from the Capstone test suite or create a custom test harness that invokes `cs_disasm` or `cs_disasm_iter` with a skipdata callback returning large skipdata lengths. Example commands would involve compiling Capstone with ASan enabled and running these tests or custom scripts that disassemble crafted input triggering the skipdata path. [1, 2]
Can you explain this vulnerability to me?
This vulnerability exists in the Capstone disassembly framework versions 6.0.0-Alpha5 and earlier. It occurs because the length of skipdata is not properly bounds-checked. As a result, a user-provided skipdata callback can cause the functions cs_disasm or cs_disasm_iter to copy more than 24 bytes into the cs_insn.bytes buffer, leading to a heap buffer overflow during the disassembly process.
How can this vulnerability impact me? :
The heap buffer overflow caused by this vulnerability can lead to memory corruption, which may result in application crashes, unexpected behavior, or potentially allow an attacker to execute arbitrary code or escalate privileges within the context of the application using the Capstone framework.
What immediate steps should I take to mitigate this vulnerability?
Update Capstone to a version later than 6.0.0-Alpha5 that includes the fix from commit cbef767ab33b82166d263895f24084b75b316df3 to prevent the heap buffer overflow caused by improper bounds checking in the skipdata callback.