CVE-2025-8736

EUVD-2025-24013
A vulnerability classified as critical has been found in GNU cflow up to 1.8. It affects the function yylex in the file c.c of the Lexer component. Manipulation leads to a buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be used.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| VulDB | CNA | 5.3 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
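| Vendor | Product | Version | Source |
|---|---|---|---|
| gnu | cflow | 1.0 | CNA |
| gnu | cflow | 1.1 | CNA |
| gnu | cflow | 1.2 | CNA |
| gnu | cflow | 1.3 | CNA |
| gnu | cflow | 1.4 | CNA |
| gnu | cflow | 1.5 | CNA |
| gnu | cflow | 1.6 | CNA |
| gnu | cflow | 1.7 | CNA |
| gnu | cflow | 1.8 | CNA |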
Debian Releases
| Debian Product | Codename | |
|---|---|---|
| cflow | bookworm | unimportant |
| cflow | bullseye | unimportant |
| cflow | forky | unimportant |
| cflow | sid | unimportant |
| cflow | trixie | unimportant |