Описание
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | |
| eoan | not-affected | 0.60.7-3ubuntu0.1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | needed | |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | ignored | proposed fix would break other applications |
| focal | not-affected | |
| groovy | not-affected | |
| hirsute | not-affected |
Показывать по
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3