3 matches found
CVE-2016-6354
CVE-2016-6354 describes a heap-based buffer overflow in the yy_get_next_buffer function of Flex, before version 2.6.1. The vulnerability could allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Connected advisories ...
CVE-2019-6293
CVE-2019-6293 affects the Flex package (version 2.6.4) via a stack exhaustion fault in the function mark_beginning_as_normal() within nfa.c. In scenarios with many '*' characters, recursive calls can cause denial-of-service locally or remotely depending on the deployment context, as described in ...
CVE-2006-0459
CVE-2006-0459 affects the Fast Lexical Analyzer Generator (flex) before version 2.5.33. The issue is a memory allocation fault when processing grammars that contain REJECT statements or trailing context rules, causing generated code to contain a buffer overflow. This could allow context-dependent...