objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). References: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
Created aspell tracking bugs for this issue: Affects: fedora-all [bug 1984067]
After analysis, the flaw is caused by a lack of checking that an allocation size will fit within a chunk. It is trivial to cause the heap to overflow, and a significant amount is able to be written. This could potentially lead an attacker to execute arbitrary code on the affected system leading to complete exploitation of the system. The upstream patch is https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a and can either be applied manually or by updating to the latest version of aspell
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1808 https://access.redhat.com/errata/RHSA-2022:1808
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-25051