
CVE-2006-0459

Published: 29/03/2006 Updated: 06/10/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) prior to 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent malicious users to execute arbitrary code.

Vulnerable Product

westes flex

Vendor Advisories

Chris Moore discovered a buffer overflow in a particular class of lexicographical scanners generated by flex. This could be exploited to execute arbitrary code by processing specially crafted user-defined input to an application that uses a flex scanner for parsing ...