Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6652Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
9.0CRITICALNVD
EPSS
36.1%
top 2.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MAC OS XNetbsd
Timeline
PublishedDec 20
Latest updateJan 12

Description

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDapple/mac_os_x41 versions+40

Also affects: Netbsd 2.0, 2.1, 3.0, 3.1

Patches

Patch: ftp.netbsd.orgPatch: securitytracker.comPatch: ftp.netbsd.org

🔴Vulnerability Details

1
GHSA
GHSA-3h9p-57qp-wgj6: Buffer overflow in the glob implementation (glob2022-05-01

💥Exploits & PoCs

2
Exploit-DB
NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow2006-12-01
Exploit-DB
NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)2006-11-30

📐Framework References

1
CAPEC
Buffer Overflow via Parameter Expansion

📄Research Papers

1
arXiv
ThreatLinker: An NLP-based Methodology to Automatically Estimate CVE Relevance for CAPEC Attack Patterns2026-01-12