GNU PSPP
cpe:2.3:a:gnu:pspp:*:*:*:*:*:*:*
- <= 2.0.1
A heap-based buffer over-read vulnerability has been identified in GNU PSPP versions through 2.0.1. It stems from an incorrect call to the Gnulib rijndaelDecrypt function made by the fill_buffer function in the encrypted-file.c source file; the incorrect call leads to the buffer over-read condition.
Exploitation of this vulnerability causes a heap buffer over-read, which can potentially be leveraged for a heap-based memory corruption attack.
The vulnerability can be reproduced by compiling GNU PSPP with Clang 12.0.1, with optimizations disabled and AddressSanitizer enabled via the compiler flags. After installing the vulnerable version, the issue is triggered by running the 'pspp-convert' utility on a specially crafted encrypted file, which produces an AddressSanitizer error reporting a heap-buffer-overflow.