CVE-2003-0947

Exploit

EPSS 0.09%
Veröffentlicht 15.12.2003 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireless Tools Project ≫ Wireless Tools Version19

Wireless Tools Project ≫ Wireless Tools Version20

Wireless Tools Project ≫ Wireless Tools Version21

Wireless Tools Project ≫ Wireless Tools Version22

Wireless Tools Project ≫ Wireless Tools Version23

Wireless Tools Project ≫ Wireless Tools Version24

Wireless Tools Project ≫ Wireless Tools Version25

Wireless Tools Project ≫ Wireless Tools Version26

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.266

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://marc.info/?l=bugtraq&m=106867458902521&w=2

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2003-0947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0947

EUVD