← back
CVE-2020-23856

CVE-2020-23856

EPSS 0.4%
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BLSXGFK2NYPCJMPHSHE3W56ZU3ZO6RD7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZTTKZX274BVFZX7TMPEZG6UWL6UPMQF/https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html