CVE-2006-0459 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0459
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0459

Description: flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24995 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-260-1 SREASON http://securityreason.com/securityalert/570 SAID Secunia Advisory: SA19071 Secunia Advisory: SA19424 Secunia Advisory: SA19126 Secunia Advisory: SA19228 OSVDB 23440 MLIST http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce GENTOO http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml DEBIAN http://www.us.debian.org/security/2006/dsa-1020 CONFIRM http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download BID 16896

Return to the previous page.