Bug 1134073 (CVE-2019-11639)

Summary: VUL-1: CVE-2019-11639: gnu-recutils: stack-based buffer overflow in the function rec_type_check_enum
Product: [openSUSE] openSUSE Distribution
Reporter: Alexander Bergmann <abergmann>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P4 - Low
CC: wolfgang.frisch
Version: Leap 15.0
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2019-05-03 14:46:01 UTC
CVE-2019-11639:
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.

References:
https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils/
https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix
https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/rec2csv
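The report above names the bug class (stack-based buffer overflow) and the function (rec_type_check_enum, which validates a field value against the names listed in an "enum" type description) but does not explain the defect. The following is an added illustration written for this page, not code from recutils and not a claim about how rec_type_check_enum is actually implemented: it shows the generic pattern that such a description is consistent with, an enum-name checker that copies each whitespace-separated name from an untrusted type description into a fixed-size stack buffer, in an unbounded form and in a hardened form that refuses names that do not fit. The spec strings, the buffer size ENUM_NAME_MAX and the function names are all constructed assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not recutils code: every enum name copied from
   the type description lands in a buffer of this size on the stack. */
#define ENUM_NAME_MAX 16

/* Unsafe pattern: copies each whitespace-separated name from `spec` into a
   stack buffer with no length check. A name of ENUM_NAME_MAX bytes or longer
   writes past `name` (stack-based buffer overflow). Kept only for contrast;
   must never be run on untrusted input, so main() below feeds it short names. */
static bool enum_check_unsafe(const char *spec, const char *value)
{
    char name[ENUM_NAME_MAX];
    const char *p = spec;

    while (*p) {
        while (*p == ' ') p++;           /* skip separators */
        if (!*p) break;
        size_t len = strcspn(p, " ");    /* length of the next name */
        memcpy(name, p, len);            /* no bound: overflow if len >= sizeof name */
        name[len] = '\0';
        if (strcmp(name, value) == 0) return true;
        p += len;
    }
    return false;
}

/* Hardened form: the copy length is checked against the buffer before any
   write, and an over-long name makes the whole type description invalid
   instead of being truncated silently. */
typedef enum { ENUM_MATCH, ENUM_NO_MATCH, ENUM_BAD_SPEC } enum_result;

static enum_result enum_check_safe(const char *spec, const char *value)
{
    char name[ENUM_NAME_MAX];
    const char *p = spec;

    while (*p) {
        while (*p == ' ') p++;
        if (!*p) break;
        size_t len = strcspn(p, " ");
        if (len >= sizeof name)          /* name plus terminator would not fit */
            return ENUM_BAD_SPEC;
        memcpy(name, p, len);
        name[len] = '\0';
        if (strcmp(name, value) == 0) return ENUM_MATCH;
        p += len;
    }
    return ENUM_NO_MATCH;
}

int main(void)
{
    /* Constructed inputs: a benign enum description and one carrying a
       30-byte name that the unbounded copy would use to overrun the buffer. */
    const char *benign = "red green blue";
    const char *hostile = "red aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa blue";

    printf("unsafe, benign spec, 'blue': %d\n", enum_check_unsafe(benign, "blue"));
    printf("safe,   benign spec, 'green': %d\n", enum_check_safe(benign, "green"));
    printf("safe,   benign spec, 'purple': %d\n", enum_check_safe(benign, "purple"));
    printf("safe,   hostile spec, 'blue': %d (ENUM_BAD_SPEC)\n",
           enum_check_safe(hostile, "blue"));
    return 0;
}
```

The point a reviewer would check in any such function is the one the hardened version makes explicit: the length of the copied token is compared against the destination size before the copy, and an over-long token is rejected as a malformed description rather than truncated, since truncation can make two distinct names compare equal.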
Comment 1 Wolfgang Frisch 2020-01-16 15:27:10 UTC
This package was dropped after Leap 15.0.