CVE-2016-7787 — Code Injection in Kde-cli-tools

CWE-94 — Code Injection7 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.5%

top 32.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Kde-cli-tools Opensuse Leap Opensuse

Timeline

PublishedDec 23

Latest updateMay 14

Description

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/kde-cli-tools< kde-cli-tools 4:5.8.0-1 (bookworm)

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-2rvv-92pm-m5p9: A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user↗2022-05-14

▶

OSV

CVE-2016-7787: A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user↗2016-12-23

▶

📋Vendor Advisories

Debian

CVE-2016-7787: kde-cli-tools - A maliciously crafted command line for kdesu can result in the user only seeing ...↗2016

▶

💬Community

Bugzilla

CVE-2016-7787 kf5-kdesu: Improper handling of unicode string terminator in kdesu invocation [epel-7]↗2016-09-29

▶

Bugzilla

CVE-2016-7787 kde-cli-tools: Improper handling of unicode string terminator in kdesu invocation↗2016-09-29

▶

Bugzilla

CVE-2016-7787 kde-cli-tools: Improper handling of unicode string terminator in kdesu invocation [fedora-all]↗2016-09-29

▶