CVE-2006-0459

NameCVE-2006-0459
Descriptionflex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1020-1
NVD severityhigh (attack range: remote)
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
flex (PTS)squeeze2.5.35-10fixed
wheezy2.5.35-10.1fixed
stretch, jessie, sid2.5.39-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
flexsource(unstable)2.5.33-1high
flexsourcesarge2.5.31-31sarge1highDSA-1020-1

Search for package or bug name: Reporting problems