Debian Flex vulnerabilities
4 known vulnerabilities affecting debian/flex.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, LOW 1
Vulnerabilities
CVE-2019-6293 | LOW | CVSS 5.5 | 2019
CVE-2019-6293 [MEDIUM] CVE-2019-6293: flex - An issue was discovered in the function mark_beginning_as_normal in nfa.c in fle...
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
Scope: local
bookworm: open
b
debian
CVE-2016-6354 | CRITICAL | CVSS 9.8 | fixed in flex 2.6.1-1 (bookworm) | 2016
CVE-2016-6354 [CRITICAL] CVE-2016-6354: flex - Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6...
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
Scope: local
bookworm: resolved (fixed in 2.6.1-1)
bullseye: resolved (fixed in 2.6.1-1)
forky: resolved (fixed in 2.6.1-1)
sid: resolved (fixed in
CVE-2010-0634 | HIGH | CVSS 7.5 | fixed in flex 2.5.35-1 (bookworm) | 2010
CVE-2010-0634 [HIGH] CVE-2010-0634: flex - Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.3...
Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors.
Scope: local
bookworm: resolved (fixed in 2.5.35-1)
bullseye: resolved (fixed in 2.5.35-1)
forky: resolved (fixed in 2.5.35-1)
sid: resolved (fixed in 2.5.35-1)
trixie: resolved (fixed in 2.5.35-1)
CVE-2006-0459 | HIGH | CVSS 7.5 | fixed in flex 2.5.33-1 (bookworm) | 2006
CVE-2006-0459 [HIGH] CVE-2006-0459: flex - flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) ...
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
Scope: local
bookworm: resolved