CVE-2020-23856
MEDIUMcflow 1.6 - Use-After-Free in parser.c call Function
Title source: llmDescription
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
References (4)
Core 4
Core References
Exploit, Mailing List, Vendor Advisory x_refsource_misc
https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZTTKZX274BVFZX7TMPEZG6UWL6UPMQF/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BLSXGFK2NYPCJMPHSHE3W56ZU3ZO6RD7/
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
33.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (3)
fedoraproject/fedora
33
fedoraproject/fedora
34
gnu/cflow
1.6
Published
May 18, 2021
Tracked Since
Feb 18, 2026