CVE-2006-0459
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.038 Low
EPSS
Percentile
92.0%
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| westes:flex | westes flex | le | 2.5.32 |
References
prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download
secunia.com/advisories/19071
secunia.com/advisories/19126
secunia.com/advisories/19228
secunia.com/advisories/19424
securityreason.com/securityalert/570
sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce
www.gentoo.org/security/en/glsa/glsa-200603-07.xml
www.osvdb.org/23440
www.securityfocus.com/bid/16896
www.us.debian.org/security/2006/dsa-1020
www.vupen.com/english/advisories/2006/0770
exchange.xforce.ibmcloud.com/vulnerabilities/24995
usn.ubuntu.com/260-1/
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.038 Low
EPSS
Percentile
92.0%