Lucene search

K

PRIOn knowledge basePRION:CVE-2006-0459

HistoryMar 29, 2006 - 11:02 p.m.

Buffer overflow

2006-03-2923:02:00

PRIOn knowledge base

www.prio-n.com

3

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

CPENameOperatorVersion
flexle2.5.32

References

prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download

secunia.com/advisories/19071

secunia.com/advisories/19126

secunia.com/advisories/19228

secunia.com/advisories/19424

securityreason.com/securityalert/570

sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce

www.gentoo.org/security/en/glsa/glsa-200603-07.xml

www.osvdb.org/23440

www.securityfocus.com/bid/16896

www.us.debian.org/security/2006/dsa-1020

www.vupen.com/english/advisories/2006/0770

exchange.xforce.ibmcloud.com/vulnerabilities/24995

usn.ubuntu.com/260-1/

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

Related for PRION:CVE-2006-0459

securityvulns1 ubuntu1 nessus3 redhatcve1 cve2 openvas4 osv1 debian1 gentoo1 debiancve1 ubuntucve1