CVE-2019-19720

Name of the Vulnerable Software and Affected Versions Yabasic version 2.86.1

Description A heap-based buffer overflow issue exists in the yylex() function, located in flex.c, which can be triggered by a crafted BASIC source file.

Recommendations For Yabasic version 2.86.1, consider avoiding the use of crafted BASIC source files until a patch is available. As a temporary workaround, restrict the execution of potentially malicious BASIC source files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.