re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. CREATE(Triage):(User=admin) CVE-2020-11958 (https://nvd.nist.gov/vuln/detail/CVE-2020-11958)