CVE-2018-20230 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-20230 Interim 1 16 2023-09-07T00:28:04Z current 2021-05-30T14:19:31Z 2023-09-07T00:28:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-20230 An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00032.html E-Mail link for openSUSE-SU-2019:0198-1 https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00050.html E-Mail link for openSUSE-SU-2019:0212-1 https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00059.html E-Mail link for openSUSE-SU-2019:0240-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Tumbleweed libspread-sheet-widget0-0.3-bp150.2.1 libspread-sheet-widget0-0.3-lp150.2.1 pspp-1.2.0-bp150.3.3.1 pspp-1.2.0-lp150.2.3.1 pspp-1.4.1-2.3 pspp-devel-1.2.0-bp150.3.3.1 pspp-devel-1.2.0-lp150.2.3.1 pspp-devel-1.4.1-2.3 pspp-devel-doc-1.4.1-2.3 pspp-doc-1.4.1-2.3 pspp-lang-1.4.1-2.3 spread-sheet-widget-devel-0.3-bp150.2.1 spread-sheet-widget-devel-0.3-lp150.2.1 libspread-sheet-widget0-0.3-bp150.2.1 as a component of SUSE Package Hub 15 pspp-1.2.0-bp150.3.3.1 as a component of SUSE Package Hub 15 pspp-devel-1.2.0-bp150.3.3.1 as a component of SUSE Package Hub 15 spread-sheet-widget-devel-0.3-bp150.2.1 as a component of SUSE Package Hub 15 libspread-sheet-widget0-0.3-lp150.2.1 as a component of openSUSE Leap 15.0 pspp-1.2.0-lp150.2.3.1 as a component of openSUSE Leap 15.0 pspp-devel-1.2.0-lp150.2.3.1 as a component of openSUSE Leap 15.0 spread-sheet-widget-devel-0.3-lp150.2.1 as a component of openSUSE Leap 15.0 pspp-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-devel-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-devel-doc-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-doc-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-lang-1.4.1-2.3 as a component of openSUSE Tumbleweed An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-20230 SUSE Package Hub 15:libspread-sheet-widget0-0.3-bp150.2.1 SUSE Package Hub 15:pspp-1.2.0-bp150.3.3.1 SUSE Package Hub 15:pspp-devel-1.2.0-bp150.3.3.1 SUSE Package Hub 15:spread-sheet-widget-devel-0.3-bp150.2.1 openSUSE Leap 15.0:libspread-sheet-widget0-0.3-lp150.2.1 openSUSE Leap 15.0:pspp-1.2.0-lp150.2.3.1 openSUSE Leap 15.0:pspp-devel-1.2.0-lp150.2.3.1 openSUSE Leap 15.0:spread-sheet-widget-devel-0.3-lp150.2.1 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H