Amazon Linux 2023 Security Advisory: ALAS2023-2026-1372
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-05
Severity:
Medium
Issue Overview:
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue. (CVE-2025-67873)
Affected Packages:
capstone
Issue Correction:
Run dnf update capstone --releasever 2023.10.20260202 or dnf update --advisory ALAS2023-2026-1372 --releasever 2023.10.20260202 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
capstone-devel-4.0.2-9.amzn2023.0.4.aarch64
python3-capstone-debuginfo-4.0.2-9.amzn2023.0.4.aarch64
capstone-4.0.2-9.amzn2023.0.4.aarch64
capstone-debugsource-4.0.2-9.amzn2023.0.4.aarch64
capstone-debuginfo-4.0.2-9.amzn2023.0.4.aarch64
python3-capstone-4.0.2-9.amzn2023.0.4.aarch64
noarch:
capstone-java-4.0.2-9.amzn2023.0.4.noarch
src:
capstone-4.0.2-9.amzn2023.0.4.src
x86_64:
python3-capstone-debuginfo-4.0.2-9.amzn2023.0.4.x86_64
capstone-devel-4.0.2-9.amzn2023.0.4.x86_64
capstone-debuginfo-4.0.2-9.amzn2023.0.4.x86_64
capstone-debugsource-4.0.2-9.amzn2023.0.4.x86_64
capstone-4.0.2-9.amzn2023.0.4.x86_64
python3-capstone-4.0.2-9.amzn2023.0.4.x86_64