7.8

CVE-2019-25051

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuAspell Version0.60.8
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version34
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.415
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2021/dsa-4948
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
Third Party Advisory
https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
Patch
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7E4EI7F6TVN7K6XWU6HSANMCOKKEREE/