Stack-Based Buffer Overflow in GNU Chess by The GNU Project
CVE-2019-15767

7.8 HIGH

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 29 August 2019

Summary

In GNU Chess version 6.2.5, a severe stack-based buffer overflow vulnerability exists within the cmd_load function located in frontend/cmd.cc. This vulnerability can be exploited by providing a specially crafted chess position within an EPD file, potentially allowing attackers to execute arbitrary code or crash the application. Users and system administrators are advised to apply the recommended patches and updates to mitigate the risks associated with this security flaw.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved