PT-2023-21396 · Gnu+2 · Gnu Cflow+2
Daisypo
·
Published
2023-05-18
·
Updated
2026-04-01
·
CVE-2023-2789
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
GNU cflow version 1.7
Description
A problematic issue has been found that affects the function
func body/parse variable declaration of the file parser.c, leading to denial of service. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond.Recommendations
For GNU cflow version 1.7, as a temporary workaround, consider disabling the
func body/parse variable declaration function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Gnu Cflow
Red Os