Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0548

6 documents6 sources
Severity
7.2HIGH
EPSS
0.2%
top 59.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Gentoo LinuxGNU Aspell
Timeline
PublishedAug 6
Latest updateApr 29

Description

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

ā–¶Debianaspell< 0.50.5-3+3
ā–¶NVDgnu/aspell0.50.5
ā–¶NVDgentoo/linux1.4

šŸ”“Vulnerability Details

3
GHSA
GHSA-qj45-8h8f-43w4: Multiple stack-based buffer overflows in the word-list-compress functionality in compressā†—2022-04-29
ā–¶
OSV
CVE-2004-0548: Multiple stack-based buffer overflows in the word-list-compress functionality in compressā†—2004-08-06
ā–¶
CVEList
CVE-2004-0548: Multiple stack-based buffer overflows in the word-list-compress functionality in compressā†—2004-06-11
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Aspell (word-list-compress) - Command Line Stack Overflowā†—2004-12-01
ā–¶

šŸ“‹Vendor Advisories

1
Debian
CVE-2004-0548: aspell - Multiple stack-based buffer overflows in the word-list-compress functionality in...ā†—2004
ā–¶
CVE-2004-0548 (HIGH CVSS 7.2) | Multiple stack-based buffer overflo | cvebase.io