CVE-2017-10792

Sažetak

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

Reference

http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html
http://www.securityfocus.com/bid/99385
https://bugzilla.redhat.com/show_bug.cgi?id=1467005

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

02-09-2017 - 01:29

Objavljeno

02-07-2017 - 03:29