Use-After-Free Vulnerability in GNU cflow Affects Multiple Versions
CVE-2019-16165

6.5MEDIUM

Key Information:

Vendor: Gnu
Status: Cflow
Vendor: CVE Published:; 9 September 2019

Summary

GNU cflow versions up to 1.6 are susceptible to a use-after-free vulnerability located in the reference function within parser.c. This flaw can potentially be exploited by attackers to execute arbitrary code or cause unexpected behavior in the software, highlighting the importance of timely updates and patches to safeguard against potential threats. Users should prioritize upgrading to the latest version to mitigate this risk.

References

https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg0...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Sep 9, 2019