CVE-2019-25051
Description
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.045
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| GNU Aspell spell-checker (USN-5023-1) aspell_0.60.8-1ubuntu0.1_i386.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) aspell_0.60.8-1ubuntu0.1_amd64.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) aspell_0.60.8-2ubuntu0.1_i386.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) aspell_0.60.8-2ubuntu0.1_amd64.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) aspell_0.60.7~20110707-4ubuntu0.2_i386.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) aspell_0.60.7~20110707-4ubuntu0.2_amd64.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) libaspell15_0.60.8-1ubuntu0.1_i386.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) libaspell15_0.60.8-1ubuntu0.1_amd64.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) libaspell15_0.60.8-2ubuntu0.1_i386.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) libaspell15_0.60.8-2ubuntu0.1_amd64.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) libaspell15_0.60.7~20110707-4ubuntu0.2_i386.deb | Linux |
| GNU Aspell spell-checker (USN-5023-1) libaspell15_0.60.7~20110707-4ubuntu0.2_amd64.deb | Linux |
| aspell security update(DSA-4948-1) aspell_0.60.7~20110707-6+deb10u1_i386.deb | Linux |
| aspell security update(DSA-4948-1) aspell_0.60.7~20110707-6+deb10u1_amd64.deb | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) aspell-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) aspell-debuginfo-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) aspell-debugsource-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) aspell-ispell-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) libaspell15-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) libaspell15-32bit-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) libaspell15-debuginfo-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2848-1(SUSE Linux Enterprise Server 12-SP5 ) libaspell15-debuginfo-32bit-0.60.6.1-18.11.1.x86_64.rpm | Linux |
| (RHSA-2022:1808) aspell security update aspell-debugsource-0.60.6.1-22.el8.i686.rpm | Linux |
| (RHSA-2022:1808) aspell security update aspell-debugsource-0.60.6.1-22.el8.x86_64.rpm | Linux |
| aspell security update (RLSA-2022:1808) aspell-0.60.6.1-22.el8.i686.rpm | Linux |
| aspell security update (RLSA-2022:1808) aspell-0.60.6.1-22.el8.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) aspell-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libaspell15-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libpspell15-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) aspell-devel-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) aspell-debuginfo-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) aspell-debugsource-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libaspell15-debuginfo-0.60.8-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2794-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libpspell15-debuginfo-0.60.8-3.3.1.x86_64.rpm | Linux |
| (RHSA-2022:1808) aspell security update aspell-0.60.6.1-22.el8.i686.rpm | Linux |
| (RHSA-2022:1808) aspell security update aspell-0.60.6.1-22.el8.x86_64.rpm | Linux |
| (RHSA-2022:1808)Moderate: security update aspell-debuginfo-0.60.6.1-22.el8.i686.rpm | Linux |
| (RHSA-2022:1808)Moderate: security update aspell-debuginfo-0.60.6.1-22.el8.x86_64.rpm | Linux |
| Aspell update (ELSA-2022-1808) aspell-0.60.6.1-22.el8.i686.rpm | Linux |
| Aspell update (ELSA-2022-1808) aspell-0.60.6.1-22.el8.x86_64.rpm | Linux |
| aspell Security Update (ALAS-2023-2199) aspell-0.60.6.1-22.amzn2.i686.rpm | Linux |
| aspell Security Update (ALAS-2023-2199) aspell-0.60.6.1-22.amzn2.x86_64.rpm | Linux |
| aspell Security Update (ALAS-2023-2199) aspell-devel-0.60.6.1-22.amzn2.x86_64.rpm | Linux |
| Moderate: aspell security update aspell-0.60.6.1-22.el8.i686.rpm | Linux |
| Moderate: aspell security update aspell-0.60.6.1-22.el8.x86_64.rpm | Linux |
| aspell Security Update (ALAS2-2023-2199) aspell-0.60.6.1-22.amzn2.i686.rpm | Linux |
| aspell Security Update (ALAS2-2023-2199) aspell-0.60.6.1-22.amzn2.x86_64.rpm | Linux |
| aspell Security Update (ALAS2-2023-2199) aspell-devel-0.60.6.1-22.amzn2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234