Vigil@nce: flex, invalid code generation
February 2010 by Vigil@nce
An attacker can invite the victim to use flex with an invalid lex
file, in order to generate incorrect C code.
– Severity: 2/4
– Consequences: user access/rights, data reading, data
creation/editing
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 16/02/2010
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The flex program reads a specification file defining rules
composed of regular expressions and of code, and then generates a
C program which executes the code when the related expression is
found.
However, flex does not correctly handle comments or yy_size_t
sizes. The generated C code is thus invalid.
An attacker can therefore invite the victim to use flex with an
invalid lex file, in order to generate incorrect C code.
CHARACTERISTICS
– Identifiers: 1628314, 1849805, 1849809, 1849812, CVE-2010-0634,
VIGILANCE-VUL-9453
– Url: http://vigilance.fr/vulnerability/flex-invalid-code-generation-9453