Skip to content

[v6] Backport CVE-2025-68114: Merge commit from fork#2902

Closed
vulgraph wants to merge 1 commit intocapstone-engine:v6from
vulgraph:backport/CVE-2025-68114-v6
Closed

[v6] Backport CVE-2025-68114: Merge commit from fork#2902
vulgraph wants to merge 1 commit intocapstone-engine:v6from
vulgraph:backport/CVE-2025-68114-v6

Conversation

@vulgraph
Copy link
Copy Markdown

@vulgraph vulgraph commented Apr 22, 2026

Backport of upstream fix for CVE-2025-68114 to v6.

  • Upstream commit: 2c7797182a — Merge commit from fork
  • Cherry-picked with git cherry-pick -x (original author preserved).

Apply was clean against the current tip of the target branch. No code changes on top of the upstream fix.

@Rot127 @vulgraph
Merge commit from fork
94949c7 
* Check return value of cs_vsnprintf for negative values.

This prevents underflow of SStream.index.
This bug was reported by Github user Finder16.

* Add overflow check before adding cs_vsnprintf return value.

(cherry picked from commit 2c77971)
@github-actions github-actions Bot added the CS-core-files auto-sync label Apr 22, 2026
@Rot127
Copy link
Copy Markdown
Collaborator

Rot127 commented Apr 24, 2026

That branch is no longer in use really.
While the Alpha2 release points to it, we moved on since then to pin releases to the next branch again as before.
And in that one it is fixed with a full report.

@Rot127 Rot127 closed this Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CS-core-files auto-sync

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vulgraph @Rot127