CVE-1999-1048Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 75.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LinuxRedhat Linux
Timeline
PublishedSep 5
Latest updateApr 30

Description

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDredhat/linux4.2

Also affects: Debian Linux 1.3.1

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-9p4p-8m7m-jjq4: Buffer overflow in bash 22022-04-30
CVEList
CVE-1999-1048: Buffer overflow in bash 22002-03-09
CVE-1999-1048 — Debian Linux vulnerability | cvebase