CVE-2006-0459

Name: CVE-2006-0459
Description: flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1020-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release               | Version         | Status
flex (PTS)     | jessie, jessie (lts)  | 2.5.39-8+deb8u2 | fixed
               | stretch               | 2.6.1-1.3       | fixed
               | buster                | 2.6.4-6.2       | fixed
               | bullseye              | 2.6.4-8         | fixed
               | sid, trixie, bookworm | 2.6.4-8.2       | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release    | Fixed Version   | Urgency | Origin     | Debian Bugs
flex    | source | sarge      | 2.5.31-31sarge1 |         | DSA-1020-1 |
flex    | source | (unstable) | 2.5.33-1        |         |            |
