CVE-2020-35357

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GSL (GNU Scientific Library) versions 2.5 and 2.6

Description A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL. Processing a maliciously crafted input data for gsl stats quantile from sorted data of the library may lead to unexpected application termination or arbitrary code execution. The issue is related to a buffer copying vulnerability without input validation, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For GSL (GNU Scientific Library) versions 2.5 and 2.6, consider disabling the gsl stats quantile from sorted data function until a patch is available to prevent potential exploitation. Restrict access to the Statistics Library to minimize the risk of arbitrary code execution. Avoid using the gsl stats quantile from sorted data function with untrusted input data until the issue is resolved.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2020-4217

ALT-PU-2021-4843

ALT-PU-2024-6153

AZL-43711

AZL-45111

BDU:2025-00971

CVE-2020-35357

DLA-3576-1

DLA-3985-1

OPENSUSE-SU-2023_3527-1

OPENSUSE-SU-2023_3858-1

SUSE-SU-2023:3527-1

SUSE-SU-2023:3858-1

SUSE-SU-2023:4051-1

SUSE-SU-2023_3858-1

SUSE-SU-2023_4051-1

USN-6472-1

Affected Products

Alt Linux

Astra Linux

Gsl

Linuxmint

Suse

Ubuntu

CVE-2020-35357

Weakness Enumeration

Related Identifiers

Affected Products

References · 33