{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-28T03:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/butterflyhack/hunspell-crash"}, {"name": "FEDORA-2019-7841e28c1b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/"}, {"name": "FEDORA-2019-746b0b02f7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/"}, {"name": "FEDORA-2019-074bf7d2d3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/"}, {"name": "FEDORA-2019-656f7ac8ca", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16707", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/butterflyhack/hunspell-crash", "refsource": "MISC", "url": "https://github.com/butterflyhack/hunspell-crash"}, {"name": "FEDORA-2019-7841e28c1b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/"}, {"name": "FEDORA-2019-746b0b02f7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/"}, {"name": "FEDORA-2019-074bf7d2d3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/"}, {"name": "FEDORA-2019-656f7ac8ca", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:17:41.180Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/butterflyhack/hunspell-crash"}, {"name": "FEDORA-2019-7841e28c1b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/"}, {"name": "FEDORA-2019-746b0b02f7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/"}, {"name": "FEDORA-2019-074bf7d2d3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/"}, {"name": "FEDORA-2019-656f7ac8ca", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16707", "datePublished": "2019-09-23T11:46:29", "dateReserved": "2019-09-23T00:00:00", "dateUpdated": "2024-08-05T01:17:41.180Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hunspell_project:hunspell:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0F3229B-5BD1-4C29-9D02-458D1CCE414F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx."}, {"lang": "es", "value": "Hunspell versi\u00f3n 1.7.0, presenta una operaci\u00f3n de lectura no v\u00e1lida en la funci\u00f3n CalculateMgr::leftcommonsubstring en el archivo sugieremgr.cxx."}], "id": "CVE-2019-16707", "lastModified": "2023-11-07T03:05:42.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-23T12:15:10.330", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/butterflyhack/hunspell-crash"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNTSVWI4SWBQL6XMXNGEH7EAQ45WN63G/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD4AJ4M74VT3I6L37E4P5DNYZYBZIOVM/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3971", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "hunspell-0:1.3.2-16.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}], "bugzilla": {"description": "hunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr.cxx", "id": "1771026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771026"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-119->CWE-125", "details": ["Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx."], "name": "CVE-2019-16707", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "hunspell", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "hunspell", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16707"], "statement": "This is unlikely to be an issue in a real world scenario, as it requires specially crafted Hunspell dictionaries, which are not shipped with Red Hat Enterprise Linux. Additionally, applications using Hunspell will likely filter out invalid input before passing it on, which further limits the impact.", "threat_severity": "Low"}