CVE-2002-1420

Опубликовано: 11 апр. 2003

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.

Ссылки

http://marc.info/?l=bugtraq&m=102918817012863&w=2
http://www.iss.net/security_center/static/9809.php
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/259787
US Government Resource
http://www.osvdb.org/7554
http://www.securityfocus.com/bid/5442
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=102918817012863&w=2
http://www.iss.net/security_center/static/9809.php
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/259787
US Government Resource
http://www.osvdb.org/7554
http://www.securityfocus.com/bid/5442
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00066

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-63f4-84wq-87g5

github

больше 3 лет назад