[bug-recutils] GNU recutils 1.8 buffer overflow Vulnerabilities
From: Umair Siddiqui
Subject: [bug-recutils] GNU recutils 1.8 buffer overflow Vulnerabilities
Date: Thu, 26 Sep 2019 20:19:22 +0500
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0

Hi,
It seems like after version 1.8, some buffer overflow vulnerabilities
are now introduced in recutils.
https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-52109/GNU-Recutils.html
```
#  | CVE ID         | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf.   | Integ.  | Avail.
1  | CVE-2019-11640 | 119    |               | Overflow              | 2019-05-01   | 2019-05-02  | 6.8   | None                | Remote | Medium     | Not required   | Partial | Partial | Partial
   An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
2  | CVE-2019-11639 | 119    |               | Overflow              | 2019-05-01   | 2019-05-01  | 6.8   | None                | Remote | Medium     | Not required   | Partial | Partial | Partial
   An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
3  | CVE-2019-11638 | 125    |               |                       | 2019-05-01   | 2019-05-01  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
4  | CVE-2019-11637 | 125    |               |                       | 2019-05-01   | 2019-05-01  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
5  | CVE-2019-6460  | 476    |               |                       | 2019-01-16   | 2019-01-17  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.
6  | CVE-2019-6459  | 399    |               |                       | 2019-01-16   | 2019-01-17  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.
7  | CVE-2019-6458  | 399    |               |                       | 2019-01-16   | 2019-01-17  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
8  | CVE-2019-6457  | 399    |               |                       | 2019-01-16   | 2019-01-17  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
9  | CVE-2019-6456  | 476    |               |                       | 2019-01-16   | 2019-01-17  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
10 | CVE-2019-6455  | 415    |               |                       | 2019-01-16   | 2019-01-17  | 4.3   | None                | Remote | Medium     | Not required   | None    | None    | Partial
   An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
```
Disclaimer: I didn't discover these vulnerabilities; I was browsing
recutils usage and, on a further Google search, found entries in the CVE database.
Regards