cbcvebase.
CVE-2004-1224
published 2005-01-10

CVE-2004-1224: Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s"…

PriorityP46medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.33%
25.1th percentile
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.

Affected

16 ranges
VendorProductVersion rangeFixed in
debianmtr< mtr 0.67-1 (bookworm)mtr 0.67-1 (bookworm)
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr
mtrmtr>= 0 < 0.67-10.67-1
mtrmtr>= 0 < 0.67-10.67-1
mtrmtr>= 0 < 0.67-10.67-1
mtrmtr>= 0 < 0.67-10.67-1

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.