Bug 717714 - sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/westes/flex/issues...
Whiteboard: A3 [upstream cve]
Reported: 2020-04-16 13:38 UTC by GLSAMaker/CVETool Bot
Modified: 2021-10-17 20:27 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 13:38:14 UTC
CVE-2019-6293 (https://nvd.nist.gov/vuln/detail/CVE-2019-6293):
  An issue was discovered in the function mark_beginning_as_normal in nfa.c in
  flex 2.6.4. There is a stack exhaustion problem caused by the
  mark_beginning_as_normal function making recursive calls to itself in
  certain scenarios involving lots of '*' characters. Remote attackers could
  leverage this vulnerability to cause a denial-of-service.