CVE-2019-6293
https://notcve.org/view.php?id=CVE-2019-6293
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. Se ha descubierto un problema en la función mark_beginning_as_normal en nfa.c en la versión 2.6.4 de flex. Hay un problema de agotamiento de pila causado por la función mark_beginning_as_normal, haciendo llamadas recursivas a sí misma en ciertos casos que implican el uso frecuente de caracteres '*'. • https://github.com/westes/flex/issues/414 • CWE-674: Uncontrolled Recursion •
CVE-2016-6354
https://notcve.org/view.php?id=CVE-2016-6354
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Desbordamiento de búfer basado en memoria dinámica en la función yy_get_next_buffer en Flex en versiones anteriores a 2.6.1 podría permitir a atacantes dependientes de contexto provocar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores que involucran num_to_read. • http://www.debian.org/security/2016/dsa-3653 http://www.openwall.com/lists/oss-security/2016/07/18/8 http://www.openwall.com/lists/oss-security/2016/07/26/12 https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 https://security.gentoo.org/glsa/201701-31 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-0459
https://notcve.org/view.php?id=CVE-2006-0459
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code. • http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download http://secunia.com/advisories/19071 http://secunia.com/advisories/19126 http://secunia.com/advisories/19228 http://secunia.com/advisories/19424 http://securityreason.com/securityalert/570 http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml http://www.osvdb.org/23440 http://www.securit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •