| Vulnerability Name: | CVE-2021-30184 (CCN-199624) | ||||||||||||
| Assigned: | 2021-04-06 | ||||||||||||
| Published: | 2021-04-06 | ||||||||||||
| Updated: | 2022-05-16 | ||||||||||||
| Summary: | GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-120 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-30184 Source: XF Type: UNKNOWN gnuchess-cve202130184-bo(199624) Source: FEDORA Type: Third Party Advisory FEDORA-2021-2c714d311f Source: FEDORA Type: Third Party Advisory FEDORA-2021-ff3297913b Source: FEDORA Type: Third Party Advisory FEDORA-2021-a58cb9bc7a Source: MISC Type: Exploit, Mailing List, Patch, Vendor Advisory https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html Source: CCN Type: GNU Mailing List, Tue, 6 Apr 2021 08:37:36 +0200 Re: Buffer Overflows in cmd.cc Source: MISC Type: Exploit, Mailing List, Vendor Advisory https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html Source: GENTOO Type: Third Party Advisory GLSA-202107-28 Source: CCN Type: GNU Web site GNU Chess | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||