Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21413

HistorySep 03, 2019 - 12:20 a.m.

Safer Restriction Bypass

2019-09-0300:20:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

0.007 Low

EPSS

Percentile

80.5%

Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput in setsystemparams when hooking errors.

CPENameOperatorVersion
ghostscripteq9.07__20.el7_3.1
ghostscripteq9.07__28.el7_4.2
ghostscripteq9.07__31.el7_6.11
ghostscripteq9.07__31.el7_6.6
ghostscripteq9.07__31.el7_6.1
ghostscripteq9.07__31.el7
ghostscripteq9.07__29.el7_5.2
ghostscripteq9.07__31.el7_6.9
ghostscripteq9.07__31.el7_6.3
ghostscripteq9.07__31.el7_6.10

References

git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33

lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

access.redhat.com/errata/RHBA-2019:2824

access.redhat.com/errata/RHSA-2019:2586

access.redhat.com/errata/RHSA-2019:2594

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813

lists.debian.org/debian-lts-announce/2019/09/msg00007.html

lists.fedoraproject.org/archives/list/[email protected]/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

lists.fedoraproject.org/archives/list/[email protected]/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/

lists.fedoraproject.org/archives/list/[email protected]/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

seclists.org/bugtraq/2019/Sep/15

security.gentoo.org/glsa/202004-03

www.debian.org/security/2019/dsa-4518

0.007 Low

EPSS

Percentile

80.5%

Related for VERACODE:21413

alpinelinux1 osv3 prion1 debiancve1 nvd1 cve1 ubuntucve1 cvelist1 redhatcve1 oraclelinux2 openvas21 nessus33 centos1 mageia1 debian3 freebsd1 redhat4 archlinux1 ubuntu1 fedora5 suse2 gentoo1 amazon1