Gnu · Flex · CVE-2016-6354
**Name of the Vulnerable Software and Affected Versions**
Flex versions prior to 2.6.1
**Description**
A heap-based buffer overflow issue exists in the `yy_get_next_buffer` function, potentially allowing attackers to cause a denial of service or possibly execute arbitrary code via certain vectors involving `num_to_read`.
**Recommendations**
For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.