Buffer Over-read in GNU Aspell Library
CVE-2019-17544

9.1CRITICAL

Key Information:

Vendor

Gnu
Status
Aspell
Vendor
CVE Published:
14 October 2019

What is CVE-2019-17544?

A vulnerability exists in the GNU Aspell library that allows for a stack-based buffer over-read. This occurs in the function acommon::unescape found in common/getdata.cpp when processing an isolated backslash ('') character. This issue may lead to potential information leakage, as it could expose sensitive data from the stack.

References

https://github.com/GNUAspell/aspell/commit/80fa26c74279fc...
x_refsource_MISC
https://github.com/GNUAspell/aspell/compare/rel-0.60.7......
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.