Описание
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gnuchess | fixed | 6.2.9-0.1 | package | |
| gnuchess | fixed | 6.2.7-1+deb12u1 | bookworm | package |
| gnuchess | no-dsa | buster | package | |
| gnuchess | postponed | stretch | package |
Примечания
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
http://git.savannah.gnu.org/cgit/chess.git/commit/?id=f6a65783ebb41bb87811e57754e65933550a44c0 (v6.2.9-pre1)
Связанные уязвимости
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.