{"id":"CVE-2016-6354","details":"Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.","modified":"2026-04-16T06:19:03.246643071Z","published":"2016-09-21T14:25:20.800Z","related":["SUSE-SU-2016:2061-1","SUSE-SU-2016:2131-1","SUSE-SU-2016:2195-1","SUSE-SU-2016:2397-1","SUSE-SU-2017:1442-1","openSUSE-SU-2016:2253-1","openSUSE-SU-2016:2254-1","openSUSE-SU-2024:10071-1","openSUSE-SU-2024:10218-1","openSUSE-SU-2024:10230-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/18/8"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/26/12"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-31"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3653"},{"type":"FIX","url":"https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/westes/flex","events":[{"introduced":"0"},{"last_affected":"83d5d1695a2ab1d69ea4d8e7df27146c644876fc"},{"fixed":"a5cbe929ac3255d371e698f62dc256afe7006466"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.0"}]}}],"versions":["flex-2-5-10","flex-2-5-5b","flex-2-5-5c","v2.6.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6354.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}