CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6293
https://notcve.org/view.php?id=CVE-2019-6293
15 Jan 2019 — An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. Se ha descubierto un problema en la función mark_beginning_as_normal en nfa.c en la versión 2.6.4 de flex. Hay un problema de agotamiento de pila causado por la función m... • https://github.com/westes/flex/issues/414 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 28%CPEs: 2EXPL: 0CVE-2016-6354 – Gentoo Linux Security Advisory 201701-31
https://notcve.org/view.php?id=CVE-2016-6354
21 Sep 2016 — Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Desbordamiento de búfer basado en memoria dinámica en la función yy_get_next_buffer en Flex en versiones anteriores a 2.6.1 podría permitir a atacantes dependientes de contexto provocar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores que involucran... • http://www.debian.org/security/2016/dsa-3653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2006-0459
https://notcve.org/view.php?id=CVE-2006-0459
29 Mar 2006 — flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code. • http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •