Stack-Based Buffer Overflow in GNU Chess by the Free Software Foundation
CVE-2015-8972

9.8CRITICAL

Key Information:

Vendor

Gnu
Status
Chess
Vendor
CVE Published:
23 January 2017

What is CVE-2015-8972?

A stack-based buffer overflow vulnerability exists in the ValidateMove function of GNU Chess before version 6.2.4. This security flaw can be exploited by attackers who provide a large input while the program is running in UCI mode, potentially allowing them to execute arbitrary commands. This highlights the importance of keeping software updated to mitigate such security risks.

References

http://www.openwall.com/lists/oss-security/2016/11/13/2
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/11/14/12
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/11/14/11
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.