CVE-2022-39832 - An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_st

CVE-2022-39832

Summary

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

References

https://savannah.gnu.org/bugs/index.php?63000
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQKWIVW5WJ5ZQNNQFRKTRKD7J3LRLUYW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4/

Vulnerable Configurations

cpe:2.3:a:gnu:pspp:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:pspp:1.6.2:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

15-09-2022 - 05:15

Published

05-09-2022 - 05:15

Last modified

15-09-2022 - 05:15