RHEL 7 : aspell (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...

The vulnerability of the libaspell.a component in the GNU Aspell spell-checking program allows a hacker to disclose protected information or cause system failures.

The vulnerability of the libaspell.a component in the GNU Aspell spell-checking program is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information or cause system failures...

GNU Aspell libaspell.a Buffer Overflow Vulnerability

GNU Aspell is a spell checker. A buffer overflow vulnerability exists in the libaspell.a file in versions of GNU Aspell prior to 0.60.8. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

The CVE-2019-20433 issue affects GNU Aspell’s libaspell.a prior to 0.60.8, where a buffer over-read can occur for a string ending with a single ASCII NUL (’\0’) when the encoding is UCS-2 or UCS-4 outside the application, as demonstrated by the ASPELL_CONF environment variable. The vulnerability ...

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

CVE-2019-17544

CVE-2019-17544 affects libaspell.a (GNU Aspell) up to version 0.60.7, with a stack-based buffer over-read in acommon::unescape (common/getdata.cpp) triggered by an isolated \ character. Connected documents confirm the vulnerable component is GNU Aspell and cite the same root cause, and note the f...

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

GNU Aspell Buffer Overflow Vulnerability

GNU Aspell is a free, open source spell checker. A stack buffer overflow vulnerability exists in acommon::unescape in common/getdata.cpp in libaspell.a in versions prior to GNU Aspell 0.60.8, which can be exploited by an attacker to cause, among other things, a buffer overflow or heap overflow...