CVE-2004-1224
published 2005-01-10CVE-2004-1224: Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s"…
PriorityP46medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.33%
25.1th percentile
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mtr | < mtr 0.67-1 (bookworm) | mtr 0.67-1 (bookworm) |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | — | — |
| mtr | mtr | >= 0 < 0.67-1 | 0.67-1 |
| mtr | mtr | >= 0 < 0.67-1 | 0.67-1 |
| mtr | mtr | >= 0 < 0.67-1 | 0.67-1 |
| mtr | mtr | >= 0 < 0.67-1 | 0.67-1 |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5hc8-p83m-v3q6: Off-by-one error in the mtr_curses_keyaction function for mtr 0
ghsa_unreviewed·2022-04-29
CVE-2004-1224 [MEDIUM] GHSA-5hc8-p83m-v3q6: Off-by-one error in the mtr_curses_keyaction function for mtr 0
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
OSV
CVE-2004-1224: Off-by-one error in the mtr_curses_keyaction function for mtr 0
osv·2005-01-10·CVSS 4.6
CVE-2004-1224 [MEDIUM] CVE-2004-1224: Off-by-one error in the mtr_curses_keyaction function for mtr 0
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
Debian
CVE-2004-1224: mtr - Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 ...
vendor_debian·2004·CVSS 4.6
CVE-2004-1224 [MEDIUM] CVE-2004-1224: mtr - Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 ...
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
Scope: local
bookworm: resolved (fixed in 0.67-1)
bullseye: resolved (fixed in 0.67-1)
forky: resolved (fixed in 0.67-1)
sid: resolved (fixed in 0.67-1)
trixie: resolved (fixed in 0.67-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2005-01-10
Published