PT-2019-4771 · Gnu+4 · Gnu Aspell+4

Published

2019-10-13

Updated

2021-08-02

CVE-2019-17544

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU Aspell versions prior to 0.60.8

Description The issue is related to a stack-based buffer over-read in the acomon::unescape function in common/getdata.cpp via an isolated character. This can allow an attacker to disclose protected information or cause a denial of service.

Recommendations For versions prior to 0.60.8, update to version 0.60.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the acomon::unescape function in common/getdata.cpp until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-3304

ALT-PU-2020-3306

ALT-PU-2020-3380

BDU:2020-01343

CVE-2019-17544

DLA-1966-1

DLA-2720-1

DSA-4948-1

MGASA-2019-0311

OESA-2021-1290

SUSE-SU-2019:3034-1

SUSE-SU-2019_3034-1

USN-4155-1

USN-4155-2

Affected Products

Alt Linux

Astra Linux

Gnu Aspell

Suse

Ubuntu

PT-2019-4771 · Gnu+4 · Gnu Aspell+4

CVE-2019-17544

Weakness Enumeration

Related Identifiers

Affected Products

References · 39