Vulnerability Details CVE-2019-9211
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html
- http://www.securityfocus.com/bid/107190
- https://bugzilla.redhat.com/show_bug.cgi?id=1683499
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html
- http://www.securityfocus.com/bid/107190
- https://bugzilla.redhat.com/show_bug.cgi?id=1683499
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV/
Products affected by CVE-2019-9211
-
cpe:2.3:a:gnu:pspp:1.2.0
-
cpe:2.3:a:suse:backports:-
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:suse:linux_enterprise_server:15