Heap-Based Buffer Overflow in GNU Findutils Locate by Free Software Foundation
CVE-2007-2452

Currently unrated

Key Information:

Vendor: Gnu
Status: Findutils
Vendor: CVE Published:; 4 June 2007

Summary

A heap-based buffer overflow vulnerability exists in the visit_old_format function in locate/locate.c of GNU Findutils prior to version 4.2.31. This vulnerability allows attackers to execute arbitrary code through the use of long pathnames in an old-format locate database, highlighting significant security risks associated with improper handling of memory allocation.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

https://exchange.xforce.ibmcloud.com/vulnerabilities/34628

vdb-entryx_refsource_XF

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Jun 4, 2007
Vulnerability Reserved
May 2, 2007