CVE-2025-68114

Source
https://cve.org/CVERecord?id=CVE-2025-68114
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68114.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68114
Aliases
  • GHSA-85f5-6xr3-q76r
Downstream
Published
2025-12-17T21:14:31.226Z
Modified
2026-01-04T13:50:33.366756Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow
Details

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.

Database specific
{
    "cwe_ids": [
        "CWE-120",
        "CWE-124"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68114.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/capstone-engine/capstone

Affected ranges

Type
GIT
Repo
https://github.com/capstone-engine/capstone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.0
2.*
2.0
2.0-rc1
2.1
2.1-rc1
2.1.1
2.1.2
3.*
3.0
3.0-rc1
3.0-rc2
3.0-rc3
3.0.1
3.0.1-rc1
3.0.1-rc2
3.0.2
4.*
4.0-alpha1
4.0-alpha2
6.*
6.0.0-Alpha1
6.0.0-Alpha3
6.0.0-Alpha4
6.0.0-Alpha5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68114.json"