Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0246Use of Externally-Controlled Format String in Unixware

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 53.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Caldera Unixware
Timeline
PublishedMay 29
Latest updateMay 3

Description

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDcaldera/unixware7.1.1

Patches

Patch: stage.caldera.comPatch: www.iss.netPatch: stage.caldera.com

🔴Vulnerability Details

2
GHSA
GHSA-4fhx-m3mx-qm88: Format string vulnerability in the message catalog library functions in UnixWare 72022-05-03
CVEList
CVE-2002-0246: Format string vulnerability in the message catalog library functions in UnixWare 72003-04-02

💥Exploits & PoCs

1
Exploit-DB
Caldera UnixWare 7.1.1 - Message Catalog Environment Variable Format String2002-02-07
CVE-2002-0246 — Caldera Unixware vulnerability | cvebase