user/gnucobol: multiple vulnerabilities
| Bugzilla ID | 301 |
| Alias(es) | CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-10 00:46:02 -0500 |
| Modified | 2021-05-11 20:50:31 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/gnucobol |
Description
CVE-2019-14468: https://nvd.nist.gov/vuln/detail/CVE-2019-14468
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via
crafted COBOL source code.
CVE-2019-14486: https://nvd.nist.gov/vuln/detail/CVE-2019-14486
GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c
via crafted COBOL source code.
CVE-2019-14528: https://nvd.nist.gov/vuln/detail/CVE-2019-14528
GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in
cobc/scanner.l via crafted COBOL source code.
CVE-2019-14541: https://nvd.nist.gov/vuln/detail/CVE-2019-14541
GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id
in cobc/typeck.c via crafted COBOL source code.
CVE-2019-16395: https://nvd.nist.gov/vuln/detail/CVE-2019-16395
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name()
function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16396: https://nvd.nist.gov/vuln/detail/CVE-2019-16396
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name()
function in cobc/parser.y via crafted COBOL source code.