Fast Lexical Analyzer Generator (Flex) Multiple Lexicographical Scanners Overflow

2006-02-22T17:44:53
ID OSVDB:23440
Type osvdb
Reporter OSVDB
Modified 2006-02-22T17:44:53

Description

Vulnerability Description

Fast Lexical Analyzer Generator (Flex) contains a flaw that may allow arbitrary code execution. The issue is due to a buffer overflow in a particular class of lexicographical scanners generated by flex.

It is unclear if there are additional vulnerabilities.

Solution Description

Upgrade to version 2.5.33 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://flex.sourceforge.net/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Secunia Advisory ID: 19071
Secunia Advisory ID: 19126
Secunia Advisory ID: 19228
Secunia Advisory ID: 19424
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1020
Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2006-02/0022.html
CVE-2006-0459