Byte Open Security

(ByteOS Network)

NVD Vulnerability Details: CVE-2006-0459
Modified
Source: secalert@redhat.com
Published At: 29 Mar, 2006 | 23:02
Updated At: 16 Apr, 2026 | 00:27

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

westes >> flex >> Versions up to 2.5.32 (inclusive)
cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2006-08-16T00:00:00

This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable.

References
Hyperlink: http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download
Source: secalert@redhat.com
Resource:
Product
Hyperlink: http://secunia.com/advisories/19071
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19126
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19228
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19424
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/570
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce
Source: secalert@redhat.com
Resource:
Release Notes
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.osvdb.org/23440
Source: secalert@redhat.com
Resource:
Broken Link
Patch
Hyperlink: http://www.securityfocus.com/bid/16896
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.us.debian.org/security/2006/dsa-1020
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2006/0770
Source: secalert@redhat.com
Resource:
Broken Link
URL Repurposed
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/24995
Source: secalert@redhat.com
Resource:
VDB Entry
Hyperlink: https://usn.ubuntu.com/260-1/
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: http://secunia.com/advisories/19071
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19126
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19228
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19424
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/570
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.osvdb.org/23440
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Hyperlink: http://www.securityfocus.com/bid/16896
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.us.debian.org/security/2006/dsa-1020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2006/0770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
URL Repurposed
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/24995
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry
Hyperlink: https://usn.ubuntu.com/260-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0 changes found
