flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
References
Link | Resource |
---|---|
http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download | Product |
http://secunia.com/advisories/19071 | Patch Vendor Advisory |
http://secunia.com/advisories/19126 | Vendor Advisory |
http://secunia.com/advisories/19228 | Vendor Advisory |
http://secunia.com/advisories/19424 | Patch Vendor Advisory |
http://securityreason.com/securityalert/570 | Third Party Advisory |
http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce | Release Notes |
http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml | Third Party Advisory |
http://www.osvdb.org/23440 | Broken Link Patch |
http://www.securityfocus.com/bid/16896 | Patch Third Party Advisory VDB Entry |
http://www.us.debian.org/security/2006/dsa-1020 | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2006/0770 | Broken Link URL Repurposed |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24995 | VDB Entry |
https://usn.ubuntu.com/260-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2006-03-29T23:00:00
Updated: 2018-10-03T20:57:01
Reserved: 2006-01-27T00:00:00
Link: CVE-2006-0459
JSON object: View
NVD Information
Status : Analyzed
Published: 2006-03-29T23:02:00.000
Modified: 2023-10-06T17:23:19.257
Link: CVE-2006-0459
JSON object: View
Redhat Information
No data.
CWE