Bug 717714

Summary: sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS
Severity: minor
CC: base-system
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/westes/flex/issues/414
Whiteboard: A3 [upstream cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 13:38:14 UTC
CVE-2019-6293 (https://nvd.nist.gov/vuln/detail/CVE-2019-6293):
  An issue was discovered in the function mark_beginning_as_normal in nfa.c in
  flex 2.6.4. There is a stack exhaustion problem caused by the
  mark_beginning_as_normal function making recursive calls to itself in
  certain scenarios involving lots of '*' characters. Remote attackers could
  leverage this vulnerability to cause a denial-of-service.