CVE-2017-10791

{"id": "CVE-2017-10791", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-07-02T03:29:00.217", "references": [{"url": "http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467004", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467004", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack."}, {"lang": "es", "value": "Se presenta un desbordamiento entero en la funci\u00f3n hash_int de la biblioteca libpspp en PSPP anterior a la versi\u00f3n 0.11.0 de GNU. Por ejemplo, fue observado un bloqueo en el c\u00f3digo de la biblioteca al intentar convertir datos SPSS no v\u00e1lidos en formato CSV. Una entrada especialmente dise\u00f1ada conllevar\u00e1 a un ataque de denegaci\u00f3n de servicio remoto."}], "lastModified": "2024-11-21T03:06:30.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:pspp:0.10.5-pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "721E6CF7-D7E6-44F3-ADD9-93A237C75B9F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}