All errata/c10f1/ALT-PU-2024-6153-3
ALT-PU-2024-6153-3

Package update gsl in branch c10f1

Version2.7-alt1
Task#344652
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2025-00971
MEDIUM6.5

Уязвимость математической библиотеки GSL, связанная с копированием буфера без проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-02-03Modified: 2025-05-05
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2020-35357
MEDIUM6.5

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.

Published: 2023-08-22Modified: 2024-12-07
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References