CVE-2023-2789 – GNU cflow parser.c parse_variable_declaration denial of service
https://notcve.org/view.php?id=CVE-2023-2789
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used.
• https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md
• https://github.com/DaisyPo/fuzzing-vulncollect/files/11343936/poc-file.zip
• https://vuldb.com/?ctiid.229373
• https://vuldb.com/?id.229373
• CWE-404: Improper Resource Shutdown or Release
CVE-2020-23856
https://notcve.org/view.php?id=CVE-2020-23856
Use-after-free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
• https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BLSXGFK2NYPCJMPHSHE3W56ZU3ZO6RD7
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZTTKZX274BVFZX7TMPEZG6UWL6UPMQF
• https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
• CWE-416: Use After Free
CVE-2019-16165
https://notcve.org/view.php?id=CVE-2019-16165
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
• https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
• CWE-416: Use After Free
CVE-2019-16166
https://notcve.org/view.php?id=CVE-2019-16166
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
• https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
• CWE-125: Out-of-bounds Read