GNU Cflow

Do you want an email whenever new security vulnerabilities are reported in GNU Cflow?

By the Year

In 2024 there have been 0 vulnerabilities in GNU Cflow . Last year Cflow had 1 security vulnerability published. Right now, Cflow is on track to have less security vulnerabilities in 2024 than it did last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	1	7.50
2022	0	0.00
2021	1	5.50
2020	0	0.00
2019	2	6.50
2018	0	0.00

It may take a day or so for new Cflow vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent GNU Cflow Security Vulnerabilities

A vulnerability was found in GNU cflow 1.7

CVE-2023-2789 7.5 - High - May 18, 2023

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Improper Resource Shutdown or Release

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service

CVE-2020-23856 5.5 - Medium - May 18, 2021

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

Dangling pointer

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

CVE-2019-16165 6.5 - Medium - September 09, 2019

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

Dangling pointer

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

CVE-2019-16166 6.5 - Medium - September 09, 2019

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for GNU Cflow or by GNU? Click the Watch button to subscribe.

GNU
Vendor

GNU Cflow
Product

By the Year

Recent GNU Cflow Security Vulnerabilities

A vulnerability was found in GNU cflow 1.7 CVE-2023-2789 7.5 - High - May 18, 2023

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service CVE-2020-23856 5.5 - Medium - May 18, 2021

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. CVE-2019-16165 6.5 - Medium - September 09, 2019

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. CVE-2019-16166 6.5 - Medium - September 09, 2019