CVE-2020-25412

Опубликовано: 16 сент. 2020

Источник: debian

EPSS Низкий

Описание

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

Пакет	Статус	Версия исправления	Релиз	Тип
gnuplot	fixed	6.0.0+dfsg1-1		package

https://sourceforge.net/p/gnuplot/bugs/2303/
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a31c3b70d8d4f887f906afe35accbc9a59ebcd37 (5.5)
No security impact, gnuplot can execute arbitrary commands and need to
come from a trusted source, see README.Debian.security (added in 5.2.6).

EPSS

Процентиль: 69%

0.00614

Низкий

CVE-2020-25412

CVSS3: 9.8

ubuntu

больше 5 лет назад

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

CVE-2020-25412

CVSS3: 7.8

redhat

больше 5 лет назад

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

CVE-2020-25412

CVSS3: 9.8

nvd

больше 5 лет назад

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

GHSA-fw2x-mx3p-5gr5

CVSS3: 9.8

github

больше 3 лет назад

gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution.

EPSS

Процентиль: 69%

0.00614

Низкий