PT-2020-2763 · Gnu+3 · Gnu Aspell+3

Published

2020-01-27

·

Updated

2021-10-15

·

CVE-2019-20433

CVSS v2.0

9.4

Critical

VectorAV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions GNU Aspell versions prior to 0.60.8
Description The issue is caused by a buffer over-read in the libaspell.a component of GNU Aspell. This occurs when a string ends with a single '0' byte and the encoding is set to ucs-2 or ucs-4 outside of the application, such as through the ASPELL CONF environment variable. This could allow a remote attacker to disclose protected information or cause a denial of service.
Recommendations For versions prior to 0.60.8, update to version 0.60.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ucs-2 and ucs-4 encodings outside of the application to minimize the risk of exploitation. Avoid using the ASPELL CONF environment variable to set these encodings until the issue is resolved.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-3304
ALT-PU-2020-3306
ALT-PU-2020-3380
BDU:2020-02855
CVE-2019-20433
OESA-2021-1388
SUSE-SU-2020:0397-1
SUSE-SU-2020:14289-1
SUSE-SU-2020:2807-1
SUSE-SU-2020_0397-1
SUSE-SU-2020_2807-1

Affected Products

Alt Linux
Astra Linux
Gnu Aspell
Suse