9.1

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuAspell Version < 0.60.8
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.26% 0.868
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
Third Party Advisory
https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
Patch
Third Party Advisory
https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html
https://usn.ubuntu.com/4155-1/
Third Party Advisory
https://usn.ubuntu.com/4155-2/
https://www.debian.org/security/2021/dsa-4948