Integer Overflow Vulnerability in GNU PSPP Affects Data Conversion
CVE-2017-10791

6.5MEDIUM

Key Information:

Vendor: Gnu
Status: Pspp
Vendor: CVE Published:; 2 July 2017

Summary

An integer overflow vulnerability exists in the hash_int function of the libpspp library found in GNU PSPP prior to version 0.11.0. This flaw can be exploited when handling malformed SPSS data, resulting in a remote denial of service attack. By providing specially crafted input, an attacker can cause the library to crash during the data conversion process from SPSS to CSV format, disrupting services that rely on this functionality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1467004

x_refsource_MISC

http://lists.gnu.org/archive/html/pspp-announce/2017-08/m...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2017
Vulnerability Reserved
Jul 1, 2017