Heap-based Buffer Overflow in PSPP by GNU
CVE-2022-39831

7.8 HIGH

Key Information:

Vendor: Gnu
Status
Vendor
CVE Published: 5 September 2022

Summary

A vulnerability in PSPP 1.6.2 allows for a heap-based buffer overflow in the function read_bytes_internal, found in utilities/pspp-dump-sav.c. This flaw can lead to denial of service through application crashes and may also result in additional unspecified impacts. Users are advised to stay updated with patches and security releases to mitigate these risks.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
