OSVDB ID: 23440

Title: Fast Lexical Analyzer Generator (Flex) Multiple Lexicographical Scanners Overflow

Info

Disclosure

Feb 22, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Fast Lexical Analyzer Generator (Flex) contains a flaw that may allow arbitrary code execution. The issue is due to a buffer overflow in a particular class of lexicographical scanners generated by flex. It is unclear if there are additional vulnerabilities.

Classification

Location: Location Unknown
Attack Type: Input Manipulation, Attack Type Unknown
Impact: Loss of Integrity, Impact Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.5.33 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Will Estes

flex

2.5.31

References

Secunia Advisory ID: 19071 19126 19228 19424
CVE ID: 2006-0459 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2006-02/0022.html
Vendor URL: http://flex.sourceforge.net/
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
http://www.ubuntu.com/usn/usn-260-1
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1020

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/23440