CVE-2018-20230

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.8HIGH

EPSS

0.2%

top 63.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Pspp

Timeline

PublishedDec 19

Latest updateMay 13

Description

An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianpspp< 1.2.0-3+3

▶NVDgnu/pspp1.2.0

🔴Vulnerability Details

GHSA

GHSA-8jjx-c624-8pjg: An issue was discovered in PSPP 1↗2022-05-13

▶

OSV

CVE-2018-20230: An issue was discovered in PSPP 1↗2018-12-19

▶

CVEList

CVE-2018-20230: An issue was discovered in PSPP 1↗2018-12-19

▶

📋Vendor Advisories

Debian

CVE-2018-20230: pspp - An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at ...↗2018

▶