CVE-2003-0102

2003-03-1805:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Affected configurations

Nvd

Node

filefileMatch3.28

filefileMatch3.30

filefileMatch3.32

filefileMatch3.33

filefileMatch3.34

filefileMatch3.35

filefileMatch3.36

filefileMatch3.37

filefileMatch3.39

filefileMatch3.40

Node

netbsdnetbsdMatch1.5

netbsdnetbsdMatch1.5.1

netbsdnetbsdMatch1.5.2

netbsdnetbsdMatch1.5.3

netbsdnetbsdMatch1.6

VendorProductVersionCPE
filefile3.28cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*
filefile3.30cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*
filefile3.32cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*
filefile3.33cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*
filefile3.34cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*
filefile3.35cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*
filefile3.36cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*
filefile3.37cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*
filefile3.39cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*
filefile3.40cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
file	file	3.28	cpe:2.3:a:file:file:3.28:::::::*
file	file	3.30	cpe:2.3:a:file:file:3.30:::::::*
file	file	3.32	cpe:2.3:a:file:file:3.32:::::::*
file	file	3.33	cpe:2.3:a:file:file:3.33:::::::*
file	file	3.34	cpe:2.3:a:file:file:3.34:::::::*
file	file	3.35	cpe:2.3:a:file:file:3.35:::::::*
file	file	3.36	cpe:2.3:a:file:file:3.36:::::::*
file	file	3.37	cpe:2.3:a:file:file:3.37:::::::*
file	file	3.39	cpe:2.3:a:file:file:3.39:::::::*
file	file	3.40	cpe:2.3:a:file:file:3.40:::::::*