CVE-2003-0102
published 2003-03-18CVE-2003-0102: Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity…
medium4.6CVSS 3.1
AVLACLAuNCPIPAP
EXPLOIT
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | file | < file 3.40-1.1 (bookworm) | file 3.40-1.1 (bookworm) |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file | file | — | — |
| file_project | file | >= 0 < 3.40-1.1 | 3.40-1.1 |
| file_project | file | >= 0 < 3.40-1.1 | 3.40-1.1 |
| file_project | file | >= 0 < 3.40-1.1 | 3.40-1.1 |
| file_project | file | >= 0 < 3.40-1.1 | 3.40-1.1 |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
CVSS provenance
nvd4.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM