CVE-2020-11958

NameCVE-2020-11958
Descriptionre2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs963158

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
re2c (PTS)bullseye2.0.3-1fixed
bookworm3.0-2fixed
sid, trixie4.0.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
re2csourcejessie(not affected)
re2csourcestretch(not affected)
re2csourcebuster(not affected)
re2csource(unstable)1.3-2963158

Notes

[buster] - re2c <not-affected> (Vulnerability introduced later)
[stretch] - re2c <not-affected> (Vulnerability introduced later)
[jessie] - re2c <not-affected> (Vulnerability introduced later)
http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/
Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2)
Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2)
https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a

Search for package or bug name: Reporting problems