flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
Conclusion & alert: CVE-2006-0459 is rated Moderate Risk (60.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 3.97%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-06-04 | 4.56% | 3.97% | -0.59% |
| 2 | 2025-03-30 | 7.11% | 4.56% | -2.56% |
| 3 | 2025-03-29 | — | 7.11% | — |
Full EPSS history (10 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2006-0459 not yet assigned priority: Debian including 1 source packages (flex), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2006-0459 |
gentoo
|
normal | CVE-2006-0459: 1 GLSA(s) (200603-07), 1 atom(s) (sys-devel/flex); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-0459 |
redhat
|
— | — | https://access.redhat.com/security/cve/CVE-2006-0459 |
ubuntu
|
medium | CVE-2006-0459 medium priority: Ubuntu including 8 source packages (cyrus21-imapd, flex, …), 32 status rows across 4 suites (dapper, edgy, feisty, upstream): released 14, not-affected 9, needs-triage 8, ignored 1. | https://ubuntu.com/security/CVE-2006-0459 |
This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable.
| URL | Tags |
|---|---|
| http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download | Product |
| http://secunia.com/advisories/19071 | Patch Vendor Advisory |
| http://secunia.com/advisories/19126 | Vendor Advisory |
| http://secunia.com/advisories/19228 | Vendor Advisory |
| http://secunia.com/advisories/19424 | Patch Vendor Advisory |
| http://securityreason.com/securityalert/570 | Third Party Advisory |
| http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce | Release Notes |
| http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml | Third Party Advisory |
| http://www.osvdb.org/23440 | Broken Link Patch |
| http://www.securityfocus.com/bid/16896 | Patch Third Party Advisory VDB Entry |
| http://www.us.debian.org/security/2006/dsa-1020 | Patch Vendor Advisory |
| http://www.vupen.com/english/advisories/2006/0770 | Broken Link URL Repurposed |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24995 | VDB Entry |
| https://usn.ubuntu.com/260-1/ | Third Party Advisory |