CVE-2025-8736— GNU cflow Lexer c.c yylex buffer overflow

GNU cflow Lexer c.c yylex buffer overflow

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

GNU cflow 安全漏洞

GNU cflow是美国GNU社区的一款流程图生成器，它能够读取C语言源文件并生成外部引用的流程图。 GNU cflow 1.8及之前版本存在安全漏洞，该漏洞源于存在缓冲区溢出问题。

N/A

N/A