CVE-2001-0441 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Linux Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +1 more

Timeline

PublishedJun 27

Latest updateApr 30

Description

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDdebian/debian_linux2.2

▶NVDredhat/linux6.2, 7.0+1

▶NVDmandrakesoft/mandrake_linux5 versions+4

▶NVDmandrakesoft/mandrake_linux_corporate_server1.0.1

Patches

Patch: archives.neohapsis.com ↗Patch: www.debian.org ↗Patch: www.linux-mandrake.com ↗

🔴Vulnerability Details

GHSA

GHSA-269v-f6q7-wg8w: Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0↗2022-04-30

▶

CVEList

CVE-2001-0441: Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0↗2001-05-24

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-03-09

▶

💬Community

Bugzilla

CVE-2001-0441 security flaw↗2018-08-16

▶