CVE-2020-35357

MEDIUM

Gnu Scientific Library - Buffer Overflow

Title source: rule

Description

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.

References (4)

Core 4

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/12/msg00006.html

Mailing List, Patch

https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859

Patch

https://savannah.gnu.org/bugs/?59624

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (3)

debian/debian_linux 10.0

gnu/gnu_scientific_library 2.5

gnu/gnu_scientific_library 2.6

Published Aug 22, 2023

Tracked Since Feb 18, 2026