Lucene search

ROSA LABROSA-SA-2023-2199

HistoryJul 25, 2023 - 10:20 a.m.

Advisory ROSA-SA-2023-2199

2023-07-2510:20:55

ROSA LAB

abf.rosalinux.ru

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Software: aspell 0.60.6.1
OS: ROSA Virtualization 2.1

package_evr_string: aspell-0.60.6.1.1-21.rv3.1.src.rpm

CVE-ID: CVE-2019-17544
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer that is reloaded in acommon::unescape in common/getdata.cpp using the isolated character \.
CVE-STATUS: Fixed
CVE-REV: Run yum update aspell command to close it

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchaspell< 0.60.6.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ROSA	any	noarch	aspell	< 0.60.6.1	UNKNOWN

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for ROSA-SA-2023-2199