CVE-2018-19490 - An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a h

CVE-2018-19490

Summary

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

References

Vulnerable Configurations

cpe:2.3:a:gnuplot:gnuplot:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnuplot:gnuplot:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 28-09-2020 - 20:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc	https://sourceforge.net/p/gnuplot/bugs/2093/ https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
mlist	[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update [debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update
suse	openSUSE-SU-2019:1216
ubuntu	USN-4541-1

Last major update

28-09-2020 - 20:15

Published

23-11-2018 - 17:29

Last modified

28-09-2020 - 20:15