ALT-PU-2025-4697-3
Closed vulnerabilities
Published: 2018-12-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-20230
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-02-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-9211
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html
- http://www.securityfocus.com/bid/107190
- https://bugzilla.redhat.com/show_bug.cgi?id=1683499
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html
- http://www.securityfocus.com/bid/107190
- https://bugzilla.redhat.com/show_bug.cgi?id=1683499
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV/