Описание
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.10.6-1ubuntu3.1 |
| devel | released | 0.11.1-1.4ubuntu1 |
| edgy | released | 0.11.1-1ubuntu2.1 |
| feisty | released | 0.11.1-1.2ubuntu2.1 |
| upstream | needs-triage |
Показывать по
EPSS
4.4 Medium
CVSS2
Связанные уязвимости
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
Untrusted search path vulnerability in the add_filename_to_string func ...
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
EPSS
4.4 Medium
CVSS2