Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1022

7 documents6 sources

Severity

7.5HIGH

EPSS

21.2%

top 4.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU Groff

Timeline

PublishedJul 26

Latest updateApr 30

Description

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgnu/groff6 versions+5

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fj6r-7wmg-qvf3: Format string vulnerability in pic utility in groff 1↗2022-04-30

▶

CVEList

CVE-2001-1022: Format string vulnerability in pic utility in groff 1↗2002-06-25

▶

💥Exploits & PoCs

Exploit-DB

GNU groff 1.1x - xploitation Via LPD↗2001-06-23

▶

Exploit-DB

Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (1)↗1999-11-07

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-07-27

▶

💬Community

Bugzilla

CVE-2001-1022 security flaw↗2018-08-16

▶