| Title | cflow 1.7 has a stack-overflow at src/parser.c because of recursive call of void func_body() and void parse_variable_declaration(Ident *ident, int parm) |
|---|
| Description | There exists stack-overflow because of recursive call of void func_body() and void parse_variable_declaration(Ident *ident, int parm) at cflow-1.7/src/parser.c. This vulnerability may lead to denial of service (DoS) attacks and execution of malicious code. The details are in https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md. I have informed the vendor:https://savannah.gnu.org/bugs/?64119. |
|---|
| Source | ⚠️ https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md |
|---|
| User | DaisyPo (UID 45463) |
|---|
| Submission | 04/27/2023 16:34 (3 years ago) |
|---|
| Moderation | 05/18/2023 14:03 (21 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 229373 [GNU cflow 1.7 parser.c func_body/parse_variable_declaration denial of service] |
|---|
| Points | 20 |
|---|