CVE-2000-0803

6 documents6 sources
Severity
10.0CRITICAL
EPSS
0.8%
top 25.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Groff
Timeline
PublishedDec 19
Latest updateApr 30

Description

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDgnu/groff< 1.17

🔴Vulnerability Details

2
GHSA
GHSA-wph5-jqqm-rqpf: GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a2022-04-30
CVEList
CVE-2000-0803: GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a2001-05-07

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service2005-03-17

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2022-08032022-03-01
Microsoft
CVE-2000-0803: NIST NVD Details: https://nvd2020-09-08
CVE-2000-0803 (CRITICAL CVSS 10) | GNU Groff uses the current working | cvebase.io