GnuCOBOL cb_push_op buffer overflow [CVE-2019-14468]

CVE number – CVE-2019-14468

GnuCOBOL is vulnerable to a buffer overflow caused by improper bounds checking in the cb_push_op function in cobc/field.c. By supplying specially crafted COBOL source code, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

GnuCOBOL was formerly known as OpenCOBOL.

At the time of writing this post, no fix has yet been issued by the software vendor.

Further details here

Jason Davies

UK-based technology professional with an interest in computer security and telecoms.
