CVE-2007-2452

6 documents6 sources

Severity

6.0MEDIUM

EPSS

1.7%

top 17.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Findutils

Timeline

PublishedJun 4

Latest updateMay 1

Description

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶Debianfindutils< 4.2.31-1+3

▶NVDgnu/findutils5 versions+4

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-4cfr-8c5p-5jg6: Heap-based buffer overflow in the visit_old_format function in locate/locate↗2022-05-01

▶

CVEList

CVE-2007-2452: Heap-based buffer overflow in the visit_old_format function in locate/locate↗2007-06-04

▶

OSV

CVE-2007-2452: Heap-based buffer overflow in the visit_old_format function in locate/locate↗2007-06-04

▶

📋Vendor Advisories

Debian

CVE-2007-2452: findutils - Heap-based buffer overflow in the visit_old_format function in locate/locate.c i...↗2007

▶

Red Hat

CVE-2007-2452: Heap-based buffer overflow in the visit_old_format function in locate/locate↗

▶