CVE-2025-8735

Severity
4.8 MEDIUM
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 8

Description

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: gnu/cflow, 9 versions

Vulnerability Details (3)

GHSA
GHSA-9jpr-2g6g-wg42: A vulnerability classified as problematic was found in GNU cflow up to 1 (2025-08-08)
OSV
CVE-2025-8735: A vulnerability classified as problematic was found in GNU cflow up to 1 (2025-08-08)
CVEList
GNU cflow Lexer c.c yylex null pointer dereference (2025-08-08)

Vendor Advisories (1)

Debian
CVE-2025-8735: cflow - A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affe... (2025)
CVE-2025-8735 (MEDIUM CVSS 4.8) | A vulnerability classified as probl | cvebase.io