| Titel | cflow 1.7 has a stack-overflow at src/parser.c because of recursive call of void func_body() and void parse_variable_declaration(Ident *ident, int parm) |
|---|
| Beschreibung | There exists stack-overflow because of recursive call of void func_body() and void parse_variable_declaration(Ident *ident, int parm) at cflow-1.7/src/parser.c. This vulnerability may lead to denial of service (DoS) attacks and execution of malicious code. The details are in https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md. I have informed the vendor:https://savannah.gnu.org/bugs/?64119. |
|---|
| Quelle | ⚠️ https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md |
|---|
| Benutzer | DaisyPo (UID 45463) |
|---|
| Einreichung | 27.04.2023 16:34 (vor 3 Jahren) |
|---|
| Moderieren | 18.05.2023 14:03 (21 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 229373 [GNU cflow 1.7 parser.c func_body/parse_variable_declaration Denial of Service] |
|---|
| Punkte | 20 |
|---|