Product Support

Vulnerability Report - Under rare circumstances, the Algol Compiler can emit invalid code sequences

 
Unisys ID: UIS-2020-2
Status: Published
CVE-ID: CVE-2020-12647
Affected Product: ALGOL
Affected Version: 58.1, 59.1, 60.0.
Impact: HIGH
CVSS v3.1 Base Score: 8.8
CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C  v3 Calculator
CVSS v2.0 Base Score: 6.8
CVSS v2.0 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)  v2 Calculator
CVSS Temporal Score: 7.9
Common Weakness Enumeration (CWE):  CWE-1075
Common Platform Enumeration (CPE):  cpe:2.3:o:unisys:clearpath_mcp:*:*:*:*:*:*:*:*
Source: Client Reported
Keyword(s): ALGOL
Vulnerability Description:
A specific, rarely used combination of constructs in the ALGOL syntax could cause invalid code sequences to be generated, with random side-effects.
System Configuration:
Any Clearpath MCP system with code compiled with ALGOL 58.1, 59.1 or 60.0 compilers in the ALGOL, DCALGOL, DMALGOL or BDMSALGOL languages.
Impact of Exploiting Vulnerability:
Random side effects including system faults.
Remediation Description:
Recompile source with newer ALGOL compiler (versions: 58.1a.15 or higher, 59.1a.9 or higher, or 60.0a.5 or higher).
Workaround Information:
References:
PLE 19279031 (ALGOL), PLE 19281809 (MCP/LOG-TOOLS)
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.