CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.037 Low
Percentile: 91.7%
A buffer overflow vulnerability has been detected in the greed
URL handling code. This bug is especially a problem when greed is
used to process GRX (GetRight) files that originate from untrusted
sources.
The bug finder, Manigandan Radhakrishnan, gave the following
description:
Here are the bugs. First, in main.c, DownloadLoop() uses strcat()
to copy an input filename to the end of a 128-byte COMMAND array.
Second, DownloadLoop() passes the input filename to system() without
checking for special characters such as semicolons.
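
The two defects described above, an unbounded strcat() into a 128-byte array and an unchecked filename reaching system(), are both closed by checking the name against an allow-list and building the string with a length check. The following is an added example, not code from greed or from the advisory; the function names, the "viewer " prefix and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define COMMAND_SIZE 128 /* size the description gives for COMMAND */

/* Allow-list check: 1 if every character is inert to a shell, else 0.
   A leading '-' is refused so the name cannot be read as an option. */
int filename_is_safe(const char *name)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/";

    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return 0;
    return name[strspn(name, allowed)] == '\0';
}

/* Bounded replacement for strcat() into a fixed array. Returns 0 on
   success, -1 if the name is refused or the result would not fit. */
int build_command(char *out, size_t outlen, const char *prefix,
                  const char *name)
{
    int n;
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (!filename_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s%s", prefix, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0'; /* never hand a truncated command to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; "viewer " is a hypothetical prefix. */
    const char *samples[] = { "list.grx", "a;b.grx", "-rf", "dir/b.grx" };
    char command[COMMAND_SIZE];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_command(command, sizeof command, "viewer ", samples[i]);
        printf("%-10s -> %s\n", samples[i], rc == 0 ? command : "(rejected)");
    }
    return 0;
}
```

Passing the filename as a separate argv element to an exec-family call, instead of through system(), removes the shell from the path entirely and is the stronger fix where the program structure allows it.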