CVE-2021-30184

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/16/2021 07:35:32 PM UTC

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of GNU Chess contain the following vulnerability:

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

  • CVE-2021-30184 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • Description: Buffer Overflows in cmd.cc (lists.gnu.org, text/html). Tags: MISC. Link: lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
  • Description: [SECURITY] Fedora 32 Update: gnuchess-6.2.7-5.fc32 - package-announce - Fedora Mailing-Lists (lists.fedoraproject.org, text/html). Tags: FEDORA. Link: FEDORA-2021-a58cb9bc7a
  • Description: Re: Buffer Overflows in cmd.cc (lists.gnu.org, text/html). Tags: MISC. Link: lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
  • Description: [SECURITY] Fedora 33 Update: gnuchess-6.2.7-5.fc33 - package-announce - Fedora Mailing-Lists (lists.fedoraproject.org, text/html). Tags: FEDORA. Link: FEDORA-2021-2c714d311f

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: Gnu
Product: Chess
Version: 6.2.7
Update: All
Edition: All
Language: All

  • cpe:2.3:a:gnu:chess:6.2.7:*:*:*:*:*:*:*

Social Mentions

  • Source: Twitter (@CVEreport). Title: CVE-2021-30184 : GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation… twitter.com/i/web/status/1… Posted (UTC): 2021-04-07 12:06:23