CVE-2009-0848 — OS Command Injection in Opensuse

CWE-78 — OS Command Injection3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.2%

top 59.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Debian Gtk+2.0

Timeline

PublishedMar 11

Latest updateMay 2

Description

Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDopensuse/opensuse11.0, 11.1+1

▶debiandebian/gtk+2.0

🔴Vulnerability Details

GHSA

GHSA-985c-hrh4-r66m: Untrusted search path vulnerability in GTK2 in OpenSUSE 11↗2022-05-02

▶

📋Vendor Advisories

Debian

CVE-2009-0848: gtk+2.0 - Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows loc...↗2009

▶