CVE-2025-67873: Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow

Overview

Severity

Medium (CVSS 4.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploit Status

Not Exploited

Patch Tuesday

2025-Dec

Released

2026-01-21

Last Updated

2026-03-04

EPSS Score

0.02% (percentile: 3.9%)

Affected Products (4)

Other

• 20744-17084
• 20822-17084
• 20865-17084
• 20964-17084

Revision History

• 2026-01-21: Information published.
• 2026-02-18: Information published.
• 2026-03-04: Information published.