cbcvebase.
CVE-2007-2452
published 2007-06-04

CVE-2007-2452: Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers…

PriorityP428medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
2.23%
80.5th percentile
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

Affected

10 ranges
VendorProductVersion rangeFixed in
debianfindutils< findutils 4.2.31-1 (bookworm)findutils 4.2.31-1 (bookworm)
gnufindutils
gnufindutils
gnufindutils
gnufindutils
gnufindutils
gnufindutils>= 0 < 4.2.31-14.2.31-1
gnufindutils>= 0 < 4.2.31-14.2.31-1
gnufindutils>= 0 < 4.2.31-14.2.31-1
gnufindutils>= 0 < 4.2.31-14.2.31-1

CVSS provenance

nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv7.2HIGH
vendor_debian7.2LOW
vendor_redhat7.2HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.