CVE-2019-6293

Published: 1/15/2019 Last updated: 9/16/2024 Reserved: 1/14/2019

An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-flex

Products affected (1)

Product	Vendor	Version
n/a	n/a	2013 Service Pack 1 (64-bit editions)

References (2)

https://github.com/westes/flex/issues/414
https://github.com/westes/flex/issues/414