Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2006-0459: flex: the fast lexical analyser

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

CVE
#redis#buffer_overflow

This is flex, the fast lexical analyzer generator.

flex is a tool for generating scanners: programs which recognize lexical patterns in text.

More information about flex as well as the latest official release of flex can be found at:

http://flex.sourceforge.net/

Bug reports should be submitted using the SourceForge Bug Tracker facilities which can be found from flex’s SourceForge project page at:

http://sourceforge.net/projects/flex

There are several mailing lists available as well:

[email protected] - where posts will be made announcing new releases of flex.

[email protected] - where you can post questions about using flex

[email protected] - where you can discuss development of flex itself

Note that flex is distributed under a copyright very similar to that of BSD Unix, and not under the GNU General Public License (GPL).

This file is part of flex.

This code is derived from software contributed to Berkeley by Vern Paxson.

The United States Government has rights in this work pursuant to contract no. DE-AC03-76SF00098 between the United States Department of Energy and the University of California.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS’’ AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The flex distribution contains the following files which may be of interest:

README - This file.

NEWS - current version number and list of user-visible changes.

INSTALL - basic installation information.

ABOUT-NLS - description of internationalization support in flex.

COPYING - flex’s copyright and license.

doc/ - user documentation.

examples/ - containing examples of some possible flex scanners and a few other things. See the file examples/README for more details.

TODO - outstanding bug reports, desired features, etc.

tests/ - regression tests. See TESTS/README for details.

po/ - internationalization support files.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907