Buffer Overflow in GNU Chess 6.2.7 Leads to Remote Code Execution
CVE-2021-30184

7.8HIGH

Key Information:

Vendor
Gnu
Status
Chess
Vendor
CVE Published:
7 April 2021

Summary

GNU Chess 6.2.7 contains a vulnerability that allows attackers to execute arbitrary code through specially crafted Portable Game Notation (PGN) data. This issue arises from a buffer overflow linked to the use of a temporary file in the cmd_pgnload and cmd_pgnreplay functions of the application. As a result, an adversary could manipulate the game's input to gain unauthorized access and execute harmful commands on the affected system.

References

https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/...
x_refsource_MISC
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.