
Closed
Open
Created Jun 10, 2020 by Emily@emily🤖

user/gnucobol: multiple vulnerabilities

Bugzilla ID: 301
Alias(es): CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396
Reporter: Max Rees (sroracle)
Assignee: Max Rees (sroracle)
Reported: 2020-06-10 00:46:02 -0500
Modified: 2021-05-11 20:50:31 -0500
Status: CONFIRMED
Version: 1.0-RC1
Hardware: Adélie Linux / All
Importance: --- / normal
Package(s): user/gnucobol

Description

CVE-2019-14468: https://nvd.nist.gov/vuln/detail/CVE-2019-14468

GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via
crafted COBOL source code.

CVE-2019-14486: https://nvd.nist.gov/vuln/detail/CVE-2019-14486

GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c
via crafted COBOL source code.

CVE-2019-14528: https://nvd.nist.gov/vuln/detail/CVE-2019-14528

GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in
cobc/scanner.l via crafted COBOL source code.

CVE-2019-14541: https://nvd.nist.gov/vuln/detail/CVE-2019-14541

GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id
in cobc/typeck.c via crafted COBOL source code.

CVE-2019-16395: https://nvd.nist.gov/vuln/detail/CVE-2019-16395

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name()
function in cobc/tree.c via crafted COBOL source code.

CVE-2019-16396: https://nvd.nist.gov/vuln/detail/CVE-2019-16396

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name()
function in cobc/parser.y via crafted COBOL source code.
