Cflow Security Vulnerabilities and Issues — Cflow CVE List

Lucene search

GnuCflow

6 matches found

CVE•added 2021/05/18 3:15 p.m.•55 views

CVE-2020-23856

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

5.5CVSS5.3AI score0.00113EPSS

CVE•added 2019/09/09 5:15 p.m.•45 views

CVE-2019-16166

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

6.5CVSS6.5AI score0.00513EPSS

CVE•added 2019/09/09 5:15 p.m.•44 views

CVE-2019-16165

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

6.5CVSS6.3AI score0.00516EPSS

CVE•added 2023/05/18 1:15 p.m.•42 views

CVE-2023-2789

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-2293...

7.5CVSS5.5AI score0.00209EPSS

CVE•added 2025/08/08 7:15 p.m.•10 views

CVE-2025-8736

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.3CVSS5.3AI score0.00014EPSS

CVE•added 2025/08/08 7:15 p.m.•9 views

CVE-2025-8735

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the ...

4.8CVSS3.9AI score0.00014EPSS