GNU PSPP Denial-of-Service Vulnerability via Crafted Input Data

Vulnerability

A denial-of-service vulnerability has been identified in GNU PSPP versions through 2.0.1. The issue arises in the library 'libpspp-core.a', where crafted input data can trigger an assertion failure in the 'var_set_leave_quiet' function, leading to a program crash. This vulnerability occurs when the input data causes the application to process variables in a way that violates expected conditions, particularly in the 'src/data/dictionary.c' and 'src/data/variable.c' files.

Impact

Exploitation of this vulnerability causes the application to abort unexpectedly, terminating the program with a SIGABRT signal due to the assertion failure.

Reproduction

The vulnerability can be reproduced by running GNU PSPP with input data that includes variables designed to trigger the assertion failure in the 'var_set_leave_quiet' function. This can be done using a proof-of-concept file named 'POC-PSPP-Abort', which contains the crafted data needed to cause the application to crash. The program should be executed with the 'compatible' algorithm option, which is available in the 'GNU PSPP' Git repository.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.