CVE-2006-0459
Published: Mar 29, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download | x_refsource_CONFIRM |
| 23440 | vdb-entry, x_refsource_OSVDB |
| DSA-1020 | vendor-advisory, x_refsource_DEBIAN |
| ADV-2006-0770 | vdb-entry, x_refsource_VUPEN |
| 19071 | third-party-advisory, x_refsource_SECUNIA |
| 16896 | vdb-entry, x_refsource_BID |
| flex-bypass-security(24995) | vdb-entry, x_refsource_XF |
| GLSA-200603-07 | vendor-advisory, x_refsource_GENTOO |
| 19228 | third-party-advisory, x_refsource_SECUNIA |
| 19424 | third-party-advisory, x_refsource_SECUNIA |
| 570 | third-party-advisory, x_refsource_SREASON |
| 19126 | third-party-advisory, x_refsource_SECUNIA |
| USN-260-1 | vendor-advisory, x_refsource_UBUNTU |
| [flex-announce] 20060222 flex 2.5.33 released | mailing-list, x_refsource_MLIST |