Heap-based Buffer Over-read in GNU cflow by GNU
CVE-2019-16166

6.5MEDIUM

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
9 September 2019

Summary

The GNU cflow tool version 1.6 is susceptible to a heap-based buffer over-read in its nexttoken function located in parser.c. This vulnerability may allow an attacker to exploit the affected application, possibly leading to unauthorized data access or application instability. Proper coding practices and input validation measures should be undertaken to mitigate such vulnerabilities.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.