Описание
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
Ссылки
- ExploitIssue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.1 (включая)
cpe:2.3:a:gnu:pspp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00022
Низкий
2.9 Low
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 2.9
ubuntu
9 месяцев назад
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
CVSS3: 2.9
debian
9 месяцев назад
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fi ...
CVSS3: 2.9
github
9 месяцев назад
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
EPSS
Процентиль: 5%
0.00022
Низкий
2.9 Low
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-125