{"id":"AZL-74915","summary":"CVE-2025-67873 affecting package rust 1.90.0-3","details":"Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.","modified":"2026-04-21T04:38:48.313176Z","published":"2025-12-17T22:16:00Z","upstream":["CVE-2025-67873"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67873"}],"affected":[{"package":{"name":"rust","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/rust"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.85.0"},{"last_affected":"1.90.0-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74915.json"}}],"schema_version":"1.7.5"}