CVE-2025-68114
Unknown Unknown - Not Provided

Stack Buffer Overflow in Capstone SStream_concat via vsnprintf

Vulnerability report for CVE-2025-68114, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-17

Last updated on: 2025-12-18

Assigner: GitHub, Inc.

Description

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-17
Last Modified
2025-12-18
Generated
2026-07-06
AI Q&A
2025-12-18
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
capstone capstone 6.0.0-alpha5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-124 The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Capstone versions 6.0.0-Alpha5 and prior involves an unchecked return value from the vsnprintf function in SStream_concat. A malicious use of cs_opt_mem.vsnprintf can cause SStream's index to become negative or exceed its bounds, leading to a stack buffer underflow or overflow when subsequent writes occur.

Impact Analysis

The vulnerability can lead to a stack buffer underflow or overflow, which may allow an attacker with limited privileges to cause memory corruption. This can potentially result in information disclosure, integrity compromise, or denial of service.

Mitigation Strategies

Update Capstone to a version later than 6.0.0-Alpha5 that includes the fix from commit 2c7797182a1618be12017d7d41e0b6581d5d529e to prevent the stack buffer underflow/overflow issue.

Detection Guidance

This vulnerability can be detected by compiling Capstone with AddressSanitizer (ASan) instrumentation and running a test program that uses a custom vsnprintf function returning -1 to trigger the stack buffer underflow/overflow. The test function 'test_underflow_in_sstream' simulates this condition and can reveal crashes or memory corruption indicative of the vulnerability. Specifically, you can build Capstone with ASan enabled (e.g., using clang with -fsanitize=address) and run the provided proof-of-concept or test code that exercises the SStream_concat function with a malicious cs_vsnprintf implementation. There are no specific network detection commands since the vulnerability is local and requires local code execution or plugin loading. Example commands might include: 1) Cloning the Capstone repo and checking out the vulnerable version. 2) Compiling with ASan: `clang -fsanitize=address -g -o test test.c` 3) Running the test executable to observe crashes. This approach detects the vulnerability by triggering the unsafe behavior during execution rather than network scanning. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart