vulnerability

Amazon Linux 2023: CVE-2021-33641: Important priority package update for byacc

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:M/Au:N/C:N/I:P/A:P)	May 28, 2022	Feb 17, 2025	Jul 9, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:P/A:P)

Published

May 28, 2022

Added

Feb 17, 2025

Modified

Jul 9, 2025

Description

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).
A use-after-free flaw was found in the byacc package. When processing a specially crafted file, malloc incorrectly accesses the released memory.

Solutions

amazon-linux-2023-upgrade-byaccamazon-linux-2023-upgrade-byacc-debuginfoamazon-linux-2023-upgrade-byacc-debugsource

References

CVE-2021-33641
https://attackerkb.com/topics/CVE-2021-33641
URL-https://alas.aws.amazon.com/AL2023/ALAS-2023-204.html
CWE-416

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today