Description
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:juan_cespedes:ltrace:0.3.10:*:*:*:*:*:*:*
EPSS
Percentile: 17%
0.00054
Low
7.2 High
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
debian
more than 21 years ago
Heap-based buffer overflow in the search_for_command function of ltrac ...
github
more than 3 years ago
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.