Lucene search

K
nvd[email protected]NVD:CVE-2007-2799
HistoryMay 23, 2007 - 9:30 p.m.

CVE-2007-2799

2007-05-2321:30:00
CWE-189
web.nvd.nist.gov
11

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.049

Percentile

92.8%

Integer overflow in the โ€œfileโ€ program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

Affected configurations

Nvd
Node
filefileMatch4.2
OR
sleuth_kitthe_sleuth_kith
VendorProductVersionCPE
filefile4.2cpe:2.3:a:file:file:4.2:*:*:*:*:*:*:*
sleuth_kitthe_sleuth_kith*cpe:2.3:a:sleuth_kit:the_sleuth_kith:*:*:*:*:*:*:*:*

References

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.049

Percentile

92.8%