{"id":"CVE-2019-6293","details":"An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.","modified":"2026-03-14T09:39:49.790874Z","published":"2019-01-15T00:29:00.523Z","related":["CGA-w4j6-x895-wgx6"],"references":[{"type":"EVIDENCE","url":"https://github.com/westes/flex/issues/414"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/westes/flex","events":[{"introduced":"0"},{"last_affected":"ab49343b08c933e32de8de78132649f9560a3727"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.4"}]}}],"versions":["flex-2-5-10","flex-2-5-5b","flex-2-5-5c","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6293.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}