Out-of-bounds read in Aspell

#VU21946 Out-of-bounds read in Aspell

Published: 2019-10-20

Vulnerability identifier: #VU21946

Vulnerability risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17544

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Aspell
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing an isolated character within the acommon::unescape() function in common/getdata.cpp file in GNU Aspell. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Aspell: 0.60 - 0.60.7

External links
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
http://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
http://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Debian update for aspell

openEuler update for aspell

Out-of-bounds read in aspell (Alpine package)

Denial of service in GNU Aspell