CVE-2007-2452

2007-06-0416:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2452

security

buffer overflow

gnu findutils

nvd

vulnerability

code execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.007

Percentile

79.5%

JSON

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

Affected configurations

NVD

Node

gnufindutilsMatch4.0

gnufindutilsMatch4.1

gnufindutilsMatch4.2.28

gnufindutilsMatch4.2.29

gnufindutilsMatch4.2.30

VendorProductVersionCPE
gnufindutils4.2.30cpe:/a:gnu:findutils:4.2.30:::
gnufindutils4.1cpe:/a:gnu:findutils:4.1:::
gnufindutils4.2.28cpe:/a:gnu:findutils:4.2.28:::
gnufindutils4.0cpe:/a:gnu:findutils:4.0:::
gnufindutils4.2.29cpe:/a:gnu:findutils:4.2.29:::

Vendor	Product	Version	CPE
gnu	findutils	4.2.30	cpe:/a:gnu:findutils:4.2.30:::
gnu	findutils	4.1	cpe:/a:gnu:findutils:4.1:::
gnu	findutils	4.2.28	cpe:/a:gnu:findutils:4.2.28:::
gnu	findutils	4.0	cpe:/a:gnu:findutils:4.0:::
gnu	findutils	4.2.29	cpe:/a:gnu:findutils:4.2.29:::