CVE-2006-0459 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Flex

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flex Debian Flex Westes Flex

Timeline

PublishedMar 29

Latest updateMay 1

Description

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDwestes/flex2.5.32

▶debiandebian/flex< flex 2.5.33-1 (bookworm)

▶Debianadobe/flex< 2.5.33-1+3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-c6v8-67cp-6v4p: flex↗2022-05-01

▶

OSV

CVE-2006-0459: flex↗2006-03-29

▶

📋Vendor Advisories

Red Hat

Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)↗2007-02-01

▶

Ubuntu

flex vulnerability↗2006-03-07

▶

Debian

CVE-2006-0459: flex - flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) ...↗2006

▶

Red Hat

CVE-2006-0459: flex↗

▶