CVE-2004-1289
published 2005-01-10
Priority P341 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 14.69% · 96.2th percentile
Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pcal | < pcal 4.8.0-1 (bookworm) | pcal 4.8.0-1 (bookworm) |
| pcal | pcal | — | — |
| pcal | pcal | — | — |
| pcal | pcal | — | — |
| pcal | pcal | — | — |
| pcal | pcal | — | — |
| pcal | pcal | — | — |
| pcal | pcal | >= 0 < 4.8.0-1 | 4.8.0-1 |
| pcal | pcal | >= 0 < 4.8.0-1 | 4.8.0-1 |
| pcal | pcal | >= 0 < 4.8.0-1 | 4.8.0-1 |
| pcal | pcal | >= 0 < 4.8.0-1 | 4.8.0-1 |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
GHSA
GHSA-7wh2-5p5j-qqmq: Multiple buffer overflows in (1) the getline function in pcalutil
ghsa_unreviewed·2022-04-29
CVE-2004-1289 [HIGH] GHSA-7wh2-5p5j-qqmq: Multiple buffer overflows in (1) the getline function in pcalutil
OSV
CVE-2004-1289: Multiple buffer overflows in (1) the getline function in pcalutil
osv·2005-01-10·CVSS 10.0
CVE-2004-1289 [CRITICAL] CVE-2004-1289: Multiple buffer overflows in (1) the getline function in pcalutil
Debian
CVE-2004-1289: pcal - Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the ...
vendor_debian·2004·CVSS 10.0
CVE-2004-1289 [CRITICAL] CVE-2004-1289: pcal - Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the ...
Scope: local
bookworm: resolved (fixed in 4.8.0-1)
bullseye: resolved (fixed in 4.8.0-1)
forky: resolved (fixed in 4.8.0-1)
sid: resolved (fixed in 4.8.0-1)
trixie: resolved (fixed in 4.8.0-1)
No detection rules found.
Exploit-DB
PCAL 4.x - Calendar File 'get_holiday' Remote Buffer Overflow
exploitdb·2004-12-15
CVE-2004-1289 PCAL 4.x - Calendar File 'get_holiday' Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/12036/info
PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long holiday data. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.
Successful exploitation of this issue will result in execution of arbitrary code as the user of the application.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25036.zip
Exploit-DB
PCAL 4.x - Calendar File 'getline' Remote Buffer Overflow
exploitdb·2004-12-15
CVE-2004-1289 PCAL 4.x - Calendar File 'getline' Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/12035/info
PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long lines. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.
Successful exploitation of this issue will result in execution of arbitrary code as the user of the application.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25035.zip
No writeups or analysis indexed.