Vulnerabilites related to westes - flex
CVE-2019-6293 (GCVE-0-2019-6293)
Vulnerability from cvelistv5
Published
2019-01-15 00:00
Modified
2024-09-16 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/westes/flex/issues/414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of \u0027*\u0027 characters. Remote attackers could leverage this vulnerability to cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/westes/flex/issues/414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of \u0027*\u0027 characters. Remote attackers could leverage this vulnerability to cause a denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/westes/flex/issues/414",
"refsource": "MISC",
"url": "https://github.com/westes/flex/issues/414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6293",
"datePublished": "2019-01-15T00:00:00Z",
"dateReserved": "2019-01-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:16.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0459 (GCVE-0-2006-0459)
Vulnerability from cvelistv5
Published
2006-03-29 23:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download"
},
{
"name": "23440",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23440"
},
{
"name": "DSA-1020",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-1020"
},
{
"name": "ADV-2006-0770",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0770"
},
{
"name": "19071",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19071"
},
{
"name": "16896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16896"
},
{
"name": "flex-bypass-security(24995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995"
},
{
"name": "GLSA-200603-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml"
},
{
"name": "19228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19228"
},
{
"name": "19424",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19424"
},
{
"name": "570",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/570"
},
{
"name": "19126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19126"
},
{
"name": "USN-260-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/260-1/"
},
{
"name": "[flex-announce] 20060222 flex 2.5.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org\u0026forum_name=flex-announce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download"
},
{
"name": "23440",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23440"
},
{
"name": "DSA-1020",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-1020"
},
{
"name": "ADV-2006-0770",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0770"
},
{
"name": "19071",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19071"
},
{
"name": "16896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16896"
},
{
"name": "flex-bypass-security(24995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995"
},
{
"name": "GLSA-200603-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml"
},
{
"name": "19228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19228"
},
{
"name": "19424",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19424"
},
{
"name": "570",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/570"
},
{
"name": "19126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19126"
},
{
"name": "USN-260-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/260-1/"
},
{
"name": "[flex-announce] 20060222 flex 2.5.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org\u0026forum_name=flex-announce"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-0459",
"datePublished": "2006-03-29T23:00:00",
"dateReserved": "2006-01-27T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6354 (GCVE-0-2016-6354)
Vulnerability from cvelistv5
Published
2016-09-21 14:00
Modified
2024-08-06 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160718 CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/8"
},
{
"name": "[oss-security] 20160726 Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466"
},
{
"name": "DSA-3653",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3653"
},
{
"name": "GLSA-201701-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-12T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160718 CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/8"
},
{
"name": "[oss-security] 20160726 Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466"
},
{
"name": "DSA-3653",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3653"
},
{
"name": "GLSA-201701-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160718 CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/8"
},
{
"name": "[oss-security] 20160726 Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/12"
},
{
"name": "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466",
"refsource": "CONFIRM",
"url": "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466"
},
{
"name": "DSA-3653",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3653"
},
{
"name": "GLSA-201701-31",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6354",
"datePublished": "2016-09-21T14:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2006-03-29 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download | Product | |
| secalert@redhat.com | http://secunia.com/advisories/19071 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/19126 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/19228 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/19424 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://securityreason.com/securityalert/570 | Third Party Advisory | |
| secalert@redhat.com | http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce | Release Notes | |
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml | Third Party Advisory | |
| secalert@redhat.com | http://www.osvdb.org/23440 | Broken Link, Patch | |
| secalert@redhat.com | http://www.securityfocus.com/bid/16896 | Patch, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.us.debian.org/security/2006/dsa-1020 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/0770 | Broken Link, URL Repurposed | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/24995 | VDB Entry | |
| secalert@redhat.com | https://usn.ubuntu.com/260-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19071 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19126 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19228 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19424 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/570 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/23440 | Broken Link, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/16896 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us.debian.org/security/2006/dsa-1020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/0770 | Broken Link, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/24995 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/260-1/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0145625-8490-4671-A17C-85426C258AF9",
"versionEndIncluding": "2.5.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code."
}
],
"id": "CVE-2006-0459",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-29T23:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Product"
],
"url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19071"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19126"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19228"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19424"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/570"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org\u0026forum_name=flex-announce"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.osvdb.org/23440"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/16896"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.us.debian.org/security/2006/dsa-1020"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://www.vupen.com/english/advisories/2006/0770"
},
{
"source": "secalert@redhat.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/260-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org\u0026forum_name=flex-announce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.osvdb.org/23440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/16896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.us.debian.org/security/2006/dsa-1020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://www.vupen.com/english/advisories/2006/0770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/260-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable.\n",
"lastModified": "2006-08-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 00:29
Modified
2024-11-21 04:46
Severity ?
Summary
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/westes/flex/issues/414 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/westes/flex/issues/414 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:westes:flex:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "102A6858-CA8E-4679-9806-0851B19327EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of \u0027*\u0027 characters. Remote attackers could leverage this vulnerability to cause a denial-of-service."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en la funci\u00f3n mark_beginning_as_normal en nfa.c en la versi\u00f3n 2.6.4 de flex. Hay un problema de agotamiento de pila causado por la funci\u00f3n mark_beginning_as_normal, haciendo llamadas recursivas a s\u00ed misma en ciertos casos que implican el uso frecuente de caracteres \u0027*\u0027. Atacantes remotos pueden explotar esta vulnerabilidad para provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-6293",
"lastModified": "2024-11-21T04:46:23.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T00:29:00.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/westes/flex/issues/414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/westes/flex/issues/414"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-21 14:25
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3653 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/07/18/8 | Release Notes, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/07/26/12 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 | Patch | |
| cve@mitre.org | https://security.gentoo.org/glsa/201701-31 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3653 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/07/18/8 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/07/26/12 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-31 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| westes | flex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCADB986-7D3F-4E57-B982-08800DD34F0F",
"versionEndIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n yy_get_next_buffer en Flex en versiones anteriores a 2.6.1 podr\u00eda permitir a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran num_to_read."
}
],
"id": "CVE-2016-6354",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-21T14:25:20.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3653"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-31"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}