Upstream information

CVE-2018-20230 at MITRE


An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
CVSS v3 Scores
  National Vulnerability Database
Base Score 7.8
Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3
SUSE Bugzilla entries: 1120061 [RESOLVED / FIXED], 1203128 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15
  • libspread-sheet-widget0 >= 0.3-bp150.2.1
  • pspp >= 1.2.0-bp150.3.3.1
  • pspp-devel >= 1.2.0-bp150.3.3.1
  • spread-sheet-widget-devel >= 0.3-bp150.2.1
openSUSE Leap 15.0
  • libspread-sheet-widget0 >= 0.3-lp150.2.1
  • pspp >= 1.2.0-lp150.2.3.1
  • pspp-devel >= 1.2.0-lp150.2.3.1
  • spread-sheet-widget-devel >= 0.3-lp150.2.1
openSUSE Tumbleweed
  • pspp >= 1.4.1-2.3
  • pspp-devel >= 1.4.1-2.3
  • pspp-devel-doc >= 1.4.1-2.3
  • pspp-doc >= 1.4.1-2.3
  • pspp-lang >= 1.4.1-2.3
openSUSE Tumbleweed GA pspp-1.4.1-2.3

SUSE Timeline for this CVE

CVE page created: Thu Dec 20 06:35:38 2018
CVE page last modified: Wed Oct 26 21:35:52 2022