Bug 1134073 - (CVE-2019-11639) VUL-1: CVE-2019-11639: gnu-recutils: stack-based buffer overflow in the function rec_type_check_enum
Status: RESOLVED INVALID
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.0
Hardware: Other Other
Importance: P4 - Low Normal
Assigned To: Security Team bot
Reported: 2019-05-03 14:46 UTC by Alexander Bergmann
Modified: 2020-01-16 15:27 UTC

Description Alexander Bergmann 2019-05-03 14:46:01 UTC
CVE-2019-11639:
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.

References:
https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils/
https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix
https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/rec2csv
Comment 1 Wolfgang Frisch 2020-01-16 15:27:10 UTC
This package was dropped after Leap 15.0.