Heap-based Buffer Overflow in PSPP by GNU
CVE-2022-39832

7.8HIGH

Key Information:

Vendor

Gnu
Status
Pspp
Vendor
CVE Published:
5 September 2022

What is CVE-2022-39832?

A heap-based buffer overflow has been identified in version 1.6.2 of PSPP. This vulnerability occurs in the 'read_string' function located in the source file utilities/pspp-dump-sav.c. Exploiting this flaw may allow attackers to trigger an application crash, resulting in a denial of service, while potentially opening the door to additional yet unspecified impacts on the system's integrity.

References

https://savannah.gnu.org/bugs/index.php?63000
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.