Denial-of-Service in GNU cflow 1.7 (func_body/parse_variable_declaration)
CVE-2023-2789 Published on May 18, 2023
GNU cflow parser.c parse_variable_declaration denial of service
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
CVE reserved
VulDB entry created
VulDB entry last update 23 days later.
Weakness Type
Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Products Associated with CVE-2023-2789
Want to know whenever a new CVE is published for GNU Cflow? stack.watch will email you.
Affected Versions
GNU cflow Version 1.7 is affected by CVE-2023-2789Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.