CVE-2001-1036
published 2001-08-31

Priority: P428
Severity: high, 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.90% (55.1th percentile)

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | findutils | < findutils 4.2.31-1 (bookworm) | findutils 4.2.31-1 (bookworm) |
| gnu | findutils | | |
| gnu | findutils | | |
| gnu | findutils | | |
| gnu | findutils | | |
| gnu | findutils | | |
| gnu | findutils | >= 0 < 4.2.31-1 | 4.2.31-1 |
| gnu | findutils | >= 0 < 4.2.31-1 | 4.2.31-1 |
| gnu | findutils | >= 0 < 4.2.31-1 | 4.2.31-1 |
| gnu | findutils | >= 0 < 4.2.31-1 | 4.2.31-1 |
| slackware | slackware_linux | | |
| slackware | slackware_linux | | |

CVSS provenance

nvd: v2.0, 7.2 HIGH, AV:L/AC:L/Au:N/C:C/I:C/A:C
osv: 7.2 HIGH
vendor_debian: 7.2 LOW
vendor_redhat: 7.2 HIGH