CVE-2020-11958

Опубликовано: 21 апр. 2020

Источник: debian

EPSS Низкий

Описание

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

Пакет	Статус	Версия исправления	Релиз	Тип
re2c	fixed	1.3-2		package
re2c	not-affected		buster	package
re2c	not-affected		stretch	package
re2c	not-affected		jessie	package

http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/
Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2)
Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2)
https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a

EPSS

Процентиль: 64%

0.00462

Низкий

CVE-2020-11958

CVSS3: 7.8

ubuntu

почти 6 лет назад

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

CVE-2020-11958

CVSS3: 2.8

redhat

почти 6 лет назад

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

CVE-2020-11958

CVSS3: 7.8

nvd

почти 6 лет назад

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

GHSA-qvw2-729q-g92x

CVSS3: 7.8

github

больше 3 лет назад

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

EPSS

Процентиль: 64%

0.00462

Низкий