Heap-based Buffer Over-read in GNU cflow by GNU
CVE-2019-16166
6.5MEDIUM
Summary
The GNU cflow tool version 1.6 is susceptible to a heap-based buffer over-read in its nexttoken function located in parser.c. This vulnerability may allow an attacker to exploit the affected application, possibly leading to unauthorized data access or application instability. Proper coding practices and input validation measures should be undertaken to mitigate such vulnerabilities.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved