4 matches found
CVE-2020-23856
CVE-2020-23856 affects GNU cflow version 1.6, where a use-after-free in the function void call(char *name, int line) inside src/parser.c can cause denial of service via the caller->callee pointer. Multiple trusted sources (NVD entry and CNVD/OSV mirrors) confirm the vulnerability’s existence i...
CVE-2019-16165
GNU cflow up to version 1.6 is affected by a use-after-free in the reference function of parser.c, per CVE-2019-16165. Exploitation could lead to denial of service or arbitrary code execution, as described across multiple sources. The issue is tied to memory management in the parser and is presen...
CVE-2019-16166
GNU cflow versions up to 1.6 are affected by a heap-based buffer over-read in the nexttoken function of parser.c (CVE-2019-16166). The issue is documented across multiple sources (NVD, OSV, SUSE, Debian/Ubuntu OSV entries) and consistently references the same core flaw in parser.c. Public referen...
CVE-2023-2789
CVE-2023-2789 affects GNU cflow 1.7. The vulnerability is in parser.c, function func_body/parse_variable_declaration, where manipulation leads to denial of service. The exploit has been disclosed publicly. No patch/version remediation details are provided in the connected documents.