Vulnerabilities > CVE-2019-9211 - Reachable Assertion vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gnu
fedoraproject
suse
CWE-617
nessus

Summary

There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.

Vulnerable Configurations

Part Description Count
Application
Gnu
1
Application
Suse
1
OS
Fedoraproject
1
OS
Suse
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-817FF2201F.NASL
    description - Fixed several CVEs ---- - PSPP ver. 1.2.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123805
    published2019-04-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123805
    titleFedora 29 : pspp (2019-817ff2201f)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6DCB6B21DE.NASL
    description - Fixed several CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124502
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124502
    titleFedora 30 : pspp (2019-6dcb6b21de)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1189.NASL
    descriptionThis update for pspp fixes the following issues : - CVE-2019-9211: Handle a reachable assertion in write_long_string_missing_values() in libdata.a that could have lead to denial of service. (boo#1127343). - Remove excessive -n argument to %build, and excessive %defattr lines.
    last seen2020-05-31
    modified2019-04-12
    plugin id124016
    published2019-04-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124016
    titleopenSUSE Security Update : pspp (openSUSE-2019-1189)