Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-35357

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.

Published

2023-08-22T19:16:20.167

Last Modified

2024-12-07T21:15:16.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	gnu_scientific_library	2.5	Yes
Application	gnu	gnu_scientific_library	2.6	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 Mailing List, Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html Mailing List, Third Party Advisory ([email protected])
https://savannah.gnu.org/bugs/?59624 Patch ([email protected])
https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/12/msg00006.html (af854a3a-2127-422b-91ae-364da2661108)
https://savannah.gnu.org/bugs/?59624 Patch (af854a3a-2127-422b-91ae-364da2661108)