Vulnerability Details CVE-2019-11640
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils/
- https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix
- https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils/
- https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix