CVE-2007-2452

Currently unrated

Key Information:

Vendor: Gnu
Status: Findutils
Vendor: CVE Published:; 4 June 2007

Summary

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

https://exchange.xforce.ibmcloud.com/vulnerabilities/34628

vdb-entryx_refsource_XF

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

EPSS Score

4% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 4, 2007
Vulnerability Reserved
May 2, 2007