PatchSiren

PatchSiren cyber security CVE debrief

CVE-2015-8972 Gnu CVE debrief

CVE-2015-8972 describes a stack-based buffer overflow in GNU Chess’s ValidateMove function in frontend/move.cc. According to the CVE record, affected versions are GNU Chess before 6.2.4, and the issue may allow context-dependent attackers to execute arbitrary code when a large input is processed, including in UCI mode. NVD rates the issue as critical (CVSS 3.1 9.8).

Vendor: Gnu
Product: CVE-2015-8972
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-23
Original CVE updated: 2026-05-13
Advisory published: 2017-01-23
Advisory updated: 2026-05-13

Who should care

Teams that package, deploy, or embed GNU Chess/gnuchess should care most, especially distro maintainers, build engineers, and admins of systems that accept or forward chess-engine input to the application.

Technical summary

The NVD record maps the issue to CWE-119 and lists the vulnerable CPE range for gnu:chess with an upper bound before 6.2.4. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high-impact memory corruption flaw with no privileges or user interaction required in the NVD scoring model. The supplied references point to a GNU mailing list discussion, an SVN patch revision, and follow-up oss-security threads.

Defensive priority

Critical. If GNU Chess is present, prioritize verification and upgrade/patching before relying on the software in any exposed workflow.

Recommended defensive actions

  • Confirm whether gnuchess/GNU Chess is installed or bundled anywhere in your environment.
  • Upgrade to GNU Chess 6.2.4 or later, or apply the referenced upstream patch if you build from source.
  • If the application is used in automated or network-facing workflows, restrict access until patched.
  • Rebuild or redeploy any derived packages after applying the fix, then validate the installed version.
  • Review the referenced mailing list and patch links to align your remediation with upstream guidance.
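
One way to script the "validate the installed version" step is shown below. It is an added example, not code from the CVE record or from the GNU Chess project. It assumes the version banner contains a dotted numeric version (for example the first line printed by gnuchess --version); the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify a GNU Chess version banner against 6.2.4, the first
# release outside the affected range given in the CVE record.
FIXED_VERSION="6.2.4"

# extract_version BANNER: print the first dotted numeric version found in the
# banner (assumed format, e.g. "GNU Chess 6.2.2"); prints nothing if none.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
        head -n 1
}

# version_lt A B: return 0 when A is strictly older than B.
# Components are compared as integers, so 6.2.10 is newer than 6.2.4,
# and a missing component counts as 0 (6.2 is older than 6.2.4).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# classify_gnuchess BANNER: print "affected", "fixed" or "unknown".
classify_gnuchess() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_lt "$v" "$FIXED_VERSION"; then echo "affected"; else echo "fixed"; fi
}

# Constructed sample banners. On a real host, pass the tool's own banner:
#   classify_gnuchess "$(gnuchess --version 2>/dev/null)"
for banner in "GNU Chess 6.2.2" "GNU Chess 6.2.4" "gnuchess 6.2.10-1" "GNU Chess 5.07"; do
    printf '%s -> %s\n' "$banner" "$(classify_gnuchess "$banner")"
done
```

A distribution package may carry the upstream patch without changing the upstream version number, so treat "affected" as a prompt to check the package changelog rather than as proof that the fix is missing.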

Evidence notes

This debrief is based on the published CVE record and NVD detail page. The supplied NVD metadata identifies the affected product as gnu:chess versions before 6.2.4, classifies the weakness as CWE-119, and assigns CVSS 3.1 9.8. The reference list includes a GNU bug mailing list item, an SVN revision labeled as a patch, and oss-security discussion threads, which together support the existence of the bug, fix activity, and public advisory timeline. CVE publishedAt: 2017-01-23T21:59:00.847Z; modifiedAt: 2026-05-13T00:24:29.033Z.

Official resources

CVE-2015-8972 was published in the CVE record on 2017-01-23 and last modified in the supplied source metadata on 2026-05-13. This summary relies only on the provided CVE/NVD corpus and linked official references; no exploit instructions are