CVE-2006-0459

Westes Flex < 2.5.33 - Buffer Overflow via REJECT Statements or Trailing Context Rules

Title source: llm
STIX 2.1

Description

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

References (14)

Core 14
Core References
Broken Link, Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/23440
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.us.debian.org/security/2006/dsa-1020
Broken Link, URL Repurposed vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0770
Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16896
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19071
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19228
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19424
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/570
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19126
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/260-1/

Scores

EPSS 0.0477
EPSS Percentile 90.9%

Details

CWE
CWE-119
Status published
Products (1)
westes/flex < 2.5.32
Published Mar 29, 2006
Tracked Since Feb 18, 2026