PT-2021-3689 · Gnu+9 · Gnu Aspell+9

Published

2021-07-20

·

Updated

2024-06-28

·

CVE-2019-25051

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions GNU Aspell version 0.60.8
Description The issue is related to a heap-based buffer overflow in the acomon::ObjStack::dup top function, which can be called from acomon::StringMap::add and acomon::Config::lookup list. This can allow a remote attacker to execute arbitrary code. The vulnerability is also described as a buffer overflow in the heap region of the memory, which can be exploited to execute arbitrary code.
Recommendations For GNU Aspell version 0.60.8, consider disabling the acomon::ObjStack::dup top function as a temporary workaround until a patch is available. Restrict access to the acomon::StringMap::add and acomon::Config::lookup list functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALSA-2022:1808
ALT-PU-2022-2843
ALT-PU-2022-2854
ALT-PU-2022-2893
AZL-11363
BDU:2021-03922
BDU:2021-04022
CESA-2022_1808
CVE-2019-25051
DLA-2720-1
DSA-4948-1
MGASA-2021-0388
OESA-2021-1351
OESA-2024-1754
OESA-2024-1755
OPENSUSE-SU-2021:1181-1
OPENSUSE-SU-2021:2794-1
OPENSUSE-SU-2021_1181-1
OPENSUSE-SU-2021_2794-1
OPENSUSE-SU-2024:10635-1
RHSA-2022:1808
RHSA-2022_1808
RLSA-2022:1808
ROSA-SA-2024-2425
SUSE-SU-2021:14783-1
SUSE-SU-2021:2794-1
SUSE-SU-2021:2848-1
SUSE-SU-2021_14783-1
SUSE-SU-2021_2794-1
SUSE-SU-2021_2848-1
USN-5023-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gnu Aspell
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu