6

CVE-2007-2452

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuFindutils Version4.0
GnuFindutils Version4.1
GnuFindutils Version4.2.28
GnuFindutils Version4.2.29
GnuFindutils Version4.2.30
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.23% 0.804
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://osvdb.org/36827
http://secunia.com/advisories/25477
Patch
Vendor Advisory
http://secunia.com/advisories/40551
http://securityreason.com/securityalert/2760
http://www.securityfocus.com/archive/1/470108/100/0/threaded
http://www.securityfocus.com/bid/24250
Patch
http://www.securitytracker.com/id?1018183
http://www.vupen.com/english/advisories/2007/2015
http://www.vupen.com/english/advisories/2010/1796
https://exchange.xforce.ibmcloud.com/vulnerabilities/34628