skvadrik/re2c

skvadrik/re2c

Releases44

Frequency3 months 2 weeks

Last Release 3 months ago

Stars1.29K

Lexer generator for C, C++, D, Go, Haskell, Java, JS, OCaml, Python, Rust, Swift, V and Zig.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-2903 ↗	Feb 22, 2026Sunday, 22 February 2026, 01:16	3.3 LOW	1.7 LOW
A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.
CVE-2022-23901 ↗	Mar 29, 2022Tuesday, 29 March 2022, 12:15	9.8 CRITICAL	7.5 HIGH
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.
CVE-2018-21232 ↗	Apr 29, 2020Wednesday, 29 April 2020, 14:15	5.5 MEDIUM	4.3 MEDIUM
re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.
CVE-2020-11958 ↗	Apr 21, 2020Tuesday, 21 April 2020, 01:15	7.8 HIGH	6.8 MEDIUM
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.