cpe:/a:will_estes_and_john_millaway:flex:2.5.30 cpe:/a:will_estes_and_john_millaway:flex:2.5.32 CVE-2006-0459 2006-03-29T18:02:00.000-05:00 2018-10-03T17:35:35.057-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-30T09:09:00.000-05:00 ALLOWS_USER_ACCESS BID 16896 SECUNIA 19071 SECUNIA 19126 SECUNIA 19228 SECUNIA 19424 OSVDB 23440 SREASON 570 VUPEN ADV-2006-0770 DEBIAN DSA-1020 GENTOO GLSA-200603-07 UBUNTU USN-260-1 MLIST [flex-announce] 20060222 flex 2.5.33 released XF flex-bypass-security(24995) CONFIRM http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.