Lucene search
Veracode Vulnerability DatabaseVERACODE:33495HistoryDec 31, 2021 - 10:04 p.m.
Denial Of Service (DoS)
2021-12-3122:04:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
cflow vulnerability
use-after-free
denial of service
pointer variable
EPSS
0.001
Percentile
31.1%
cflow is vulnerable to denial of service. The vulnerability exists due to a Use-after-Free via the pointer variable caller->callee in cflow in the void call(char *name, int line) function at src/parser.c.
References
github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284
lists.fedoraproject.org/archives/list/[email protected]/message/BLSXGFK2NYPCJMPHSHE3W56ZU3ZO6RD7/
lists.fedoraproject.org/archives/list/[email protected]/message/FZTTKZX274BVFZX7TMPEZG6UWL6UPMQF/
lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
security-tracker.debian.org/tracker/CVE-2020-23856
Related
openvas
openvas
Fedora: Security Advisory for cflow (FEDORA-2021-e8cab459ab)
2021-06-03 00:00:00
Fedora: Security Advisory for cflow (FEDORA-2021-6ef76430d0)
2021-06-03 00:00:00
debiancve
debiancve
CVE-2020-23856
2021-05-18 15:15:07
prion
prion
Design/Logic Flaw
2021-05-18 15:15:00
fedora
fedora
[SECURITY] Fedora 33 Update: cflow-1.6-8.fc33
2021-06-01 01:05:51
[SECURITY] Fedora 34 Update: cflow-1.6-8.fc34
2021-06-01 01:04:18
cvelist
cvelist
CVE-2020-23856
2021-05-18 14:41:03
ubuntucve
ubuntucve
CVE-2020-23856
2021-05-18 00:00:00
cve
cve
CVE-2020-23856
2021-05-18 15:15:07
nvd
nvd
CVE-2020-23856
2021-05-18 15:15:07