Описание
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| flex | fixed | 2.6.1-1 | package | |
| flex | not-affected | wheezy | package |
Примечания
Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
EPSS
Связанные уязвимости
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso
EPSS