cbcvebase.
CVE-2005-3346
published 2005-11-20

CVE-2005-3346: Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as…

PriorityP427high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.85%
53.4th percentile
Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianphpsysinfo< phpsysinfo 2.3-7 (bookworm)phpsysinfo 2.3-7 (bookworm)
oshosh
phpgroupwarephpgroupware
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7

CVSS provenance

nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv3.6LOW
vendor_debian3.6LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.