All errata/sisyphus/ALT-PU-2019-1003-1
ALT-PU-2019-1003-1

Package update flex in branch sisyphus

Version2.6.4.0.88.9801-alt1
Task#218904
Published2019-01-03
Max severityCRITICAL
Severity:

Closed issues (1)

CVE-2016-6354
CRITICAL9.8

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

Published: 2016-09-21Modified: 2025-04-12
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References

Closed bugs (1)

Bug #35141

ALT-specific change in flex introduces incompatibility