Bugzilla – Bug 1186237
VUL-0: CVE-2020-23856: cflow: Use-after-Free vulnerability in cflow 1.6
Last modified: 2021-05-19 14:44:33 UTC
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line)
function at src/parser.c, which could cause a denial of service via the pointer
This might affect the following packages:
- openSUSE:Factory/cflow 1.6
- openSUSE:Leap:15.2/cflow 1.5
I've not been able to find any official statement from cflow devs. I requested additional info to the bug reporter .
Last cflow release is version 1.6 (released on February 23, 2019).