flex vulnerability

2006-03-0700:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.038 Low

EPSS

Percentile

91.9%

JSON

Releases

Ubuntu 5.10
Ubuntu 5.04
Ubuntu 4.10

Details

Chris Moore discovered a buffer overflow in a particular class of
lexicographical scanners generated by flex. This could be exploited to
execute arbitrary code by processing specially crafted user-defined
input to an application that uses a flex scanner for parsing.

This flaw particularly affects gpc, the GNU Pascal Compiler. A
potentially remote attacker could exploit this by tricking an user or
automated system into compiling a specially crafted Pascal source code
file.

Please note that gpc is not officially supported in Ubuntu (it is in
the ‘universe’ component of the archive). However, this affects you if
you use a customized version built from the gcc-3.3 or gcc-3.4 source
package (which is supported).

OSVersionArchitecturePackageVersionFilename
Ubuntu5.10noarchflex< *UNKNOWN
Ubuntu5.10noarchgpc-2.1-3.4< *UNKNOWN
Ubuntu5.10noarchgpc-2.1-3.3< *UNKNOWN
Ubuntu5.04noarchflex< *UNKNOWN
Ubuntu5.04noarchgpc-2.1-3.4< *UNKNOWN
Ubuntu5.04noarchgpc-2.1-3.3< *UNKNOWN
Ubuntu4.10noarchflex< *UNKNOWN
Ubuntu4.10noarchgpc-2.1-3.4< *UNKNOWN
Ubuntu4.10noarchgpc-2.1-3.3< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.10	noarch	flex	< *	UNKNOWN
Ubuntu	5.10	noarch	gpc-2.1-3.4	< *	UNKNOWN
Ubuntu	5.10	noarch	gpc-2.1-3.3	< *	UNKNOWN
Ubuntu	5.04	noarch	flex	< *	UNKNOWN
Ubuntu	5.04	noarch	gpc-2.1-3.4	< *	UNKNOWN
Ubuntu	5.04	noarch	gpc-2.1-3.3	< *	UNKNOWN
Ubuntu	4.10	noarch	flex	< *	UNKNOWN
Ubuntu	4.10	noarch	gpc-2.1-3.4	< *	UNKNOWN
Ubuntu	4.10	noarch	gpc-2.1-3.3	< *	UNKNOWN