ALT-PU-2022-4595-1
Package cflow updated to version 1.7-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2020-07-09
BDU:2021-04641
Уязвимость функции call() компонента src/parser.c анализатора потока управления для исходных файлов C Cflow, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-09-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-16165
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-09-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-16166
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2021-05-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-23856
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284
- https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284
- FEDORA-2021-6ef76430d0
- FEDORA-2021-6ef76430d0
- FEDORA-2021-e8cab459ab
- FEDORA-2021-e8cab459ab
- https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
- https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html