Login Sign Up

CVE-2019-20433

9.1 CRITICAL
Buffer Overflow

📋 TL;DR

CVE-2019-20433 is a buffer over-read vulnerability in GNU Aspell that occurs when processing strings ending with a single null byte in UCS-2 or UCS-4 encoding. This vulnerability allows attackers to read beyond allocated memory boundaries, potentially exposing sensitive information or causing application crashes. Systems using Aspell with UCS-2/UCS-4 encoding configured via environment variables are affected.

💻 Affected Systems

Products:
  • GNU Aspell
Versions: All versions before 0.60.8
Operating Systems: All operating systems running vulnerable Aspell versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when encoding is set to ucs-2 or ucs-4 via ASPELL_CONF environment variable or configuration.

📦 What is this software?

Aspell by Gnu

View all CVEs affecting Aspell →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of adjacent memory contents, potentially exposing sensitive data like passwords or encryption keys, leading to complete system compromise.

🟠

Likely Case

Application crash (denial of service) or limited information disclosure from adjacent memory regions.

🟢

If Mitigated

Minimal impact with proper memory protections like ASLR and DEP, likely resulting only in application crashes.

🌐 Internet-Facing: LOW - Aspell is typically used locally for spell checking, not as an internet-facing service.
🏢 Internal Only: MEDIUM - Could be exploited by local users or through applications that use Aspell library functionality.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to set environment variables and trigger Aspell processing with specific encoding.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.60.8

Vendor Advisory: http://aspell.net/buffer-overread-ucs.txt

Restart Required: Yes

Instructions:

1. Download Aspell 0.60.8 or later from http://aspell.net. 2. Compile and install following standard build procedures. 3. Restart any applications using Aspell library.

🔧 Temporary Workarounds

Remove UCS encoding configuration

all

Prevent use of vulnerable UCS-2/UCS-4 encoding by removing or modifying ASPELL_CONF environment variable

unset ASPELL_CONF
export ASPELL_CONF="encoding=utf-8"

Restrict environment variable access

linux

Limit ability to set ASPELL_CONF environment variable for untrusted users

chmod 644 /etc/environment
set secure environment policies

🧯 If You Can't Patch

  • Disable Aspell functionality in applications if not required
  • Implement strict environment variable controls and user privilege restrictions

🔍 How to Verify

Check if Vulnerable:

Check Aspell version with 'aspell --version' and verify if below 0.60.8

Check Version:

aspell --version | head -1

Verify Fix Applied:

Confirm version is 0.60.8 or higher with 'aspell --version'

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors in system logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process:aspell AND (EventID:1000 OR Signal:SIGSEGV)

📊 Metadata

CVE ID: CVE-2019-20433
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: January 27, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-20433, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)