CVE-2002-1604

3 documents3 sources

Severity

7.5HIGH

EPSS

53.1%

top 2.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Hp-ux HP Tru64

Timeline

PublishedSep 2

Latest updateApr 30

Description

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDhp/tru645 versions+4

▶NVDhp/hp-ux5 versions+4

🔴Vulnerability Details

GHSA

GHSA-cm7j-94hg-gxf8: Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable↗2022-04-30

▶

CVEList

CVE-2002-1604: Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable↗2005-03-25

▶