Candidate: CVE-2015-8972
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8972
 http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
 http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
Description:
 Stack-based buffer overflow in the ValidateMove function in
 frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow
 context-dependent attackers to execute arbitrary code via a large input, as
 demonstrated when in UCI mode.
Ubuntu-Description:
Notes:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_gnuchess:
upstream_gnuchess: released (6.2.4-1)
precise_gnuchess: ignored (reached end-of-life)
precise/esm_gnuchess: DNE (precise was needs-triage)
trusty_gnuchess: ignored (reached end-of-life)
trusty/esm_gnuchess: DNE (trusty was needed)
vivid/stable-phone-overlay_gnuchess: DNE
vivid/ubuntu-core_gnuchess: DNE
xenial_gnuchess: ignored (end of standard support, was needed)
yakkety_gnuchess: ignored (reached end-of-life)
zesty_gnuchess: ignored (reached end-of-life)
artful_gnuchess: ignored (reached end-of-life)
bionic_gnuchess: not-affected (6.2.5-1)
cosmic_gnuchess: not-affected (6.2.5-1)
disco_gnuchess: not-affected (6.2.5-1)
eoan_gnuchess: not-affected (6.2.5-1)
focal_gnuchess: not-affected (6.2.5-1)
groovy_gnuchess: not-affected (6.2.5-1)
hirsute_gnuchess: not-affected (6.2.5-1)
impish_gnuchess: not-affected (6.2.5-1)
jammy_gnuchess: not-affected (6.2.5-1)
devel_gnuchess: not-affected (6.2.5-1)