<p>There is no fixed version for <code>Debian:11</code> <code>re2c</code>.</p>

Uncontrolled Recursion Affecting re2c package, versions *

Snyk CVSS

Attack Complexity Low

User Interaction Required

Availability High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN11-RE2C-567857
published 29 Apr 2020
disclosed 29 Apr 2020

Report a new vulnerability Found a mistake?

Introduced: 29 Apr 2020

CVE-2018-21232 Open this link in a new tab CWE-674 Open this link in a new tab

How to fix?

There is no fixed version for Debian:11 re2c.

NVD Description

Note: Versions mentioned in the description apply only to the upstream re2c package and not the re2c package as distributed by Debian:11. See How to fix? for Debian:11 relevant fixed versions and status.

re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.

References

ADVISORY
GitHub Issue
OSS security Advisory
OSS security Advisory
Ubuntu CVE Tracker