PT-2019-14377 · Gnu+1 · Gnu Chess+1

Henry Ballentine

·

Publicado

2019-08-29

·

Atualizado

2025-01-16

·

CVE-2019-15767

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GNU Chess version 6.2.5
Description A stack-based buffer overflow issue exists in the cmd load function, located in frontend/cmd.cc, which can be triggered by a crafted chess position in an EPD file.
Recommendations For GNU Chess version 6.2.5, consider avoiding the use of crafted EPD files until a patch is available. As a temporary workaround, restrict the loading of chess positions from untrusted sources to minimize the risk of exploitation.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2020-1953
ALT-PU-2025-1310
CVE-2019-15767
MGASA-2020-0194
OPENSUSE-SU-2024:10799-1

Produtos afetados

Alt Linux
Gnu Chess