Lucene search

MitreCVELIST:CVE-2020-23856

HistoryMay 18, 2021 - 2:41 p.m.

CVE-2020-23856

2021-05-1814:41:03

mitre

www.cve.org

cflow

use-after-free

vulnerability

denial of service

pointer variable

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

References

github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BLSXGFK2NYPCJMPHSHE3W56ZU3ZO6RD7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZTTKZX274BVFZX7TMPEZG6UWL6UPMQF/

lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html