Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gnuchess | < 6.2.4-1 | gnuchess_6.2.4-1_all.deb |
Debian | 11 | all | gnuchess | < 6.2.4-1 | gnuchess_6.2.4-1_all.deb |
Debian | 10 | all | gnuchess | < 6.2.4-1 | gnuchess_6.2.4-1_all.deb |
Debian | 999 | all | gnuchess | < 6.2.4-1 | gnuchess_6.2.4-1_all.deb |
Debian | 13 | all | gnuchess | < 6.2.4-1 | gnuchess_6.2.4-1_all.deb |