Описание
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.6.1-1 |
| bionic | not-affected | 2.6.1-1 |
| cosmic | not-affected | 2.6.1-1 |
| devel | not-affected | 2.6.1-1 |
| disco | not-affected | 2.6.1-1 |
| eoan | not-affected | 2.6.1-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.5.35-10.1ubuntu2]] |
| esm-infra/bionic | not-affected | 2.6.1-1 |
| esm-infra/focal | not-affected | 2.6.1-1 |
| esm-infra/xenial | needed |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Heap-based buffer overflow in the yy_get_next_buffer function in Flex ...
Security update for flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3