CVE number – CVE-2019-14468
GnuCOBOL is vulnerable to a buffer overflow caused by improper bounds checking in cb_push_op in cobc/field.c. By supplying specially crafted COBOL source code, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
GnuCOBOL was formerly known as OpenCOBOL.
At the time of writing this post no fix has yet been issued by the software vendor.
Further details here