Metric | Value |
---|---|
CVSS2 score | 2.1 Low |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:L/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.0004 Low |
EPSS Percentile | 5.1% |

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27
allows local users to cause a denial of service (crash) via a crafted file,
related to the page global variable.

Author | Note |
---|---|
sbeattie | fixed in util-linux, but debian/ubuntu util-linux does not ship colcrt |
ccdm94 | package bsdmainutils is not vulnerable in any release due to code that checks for writing beyond array bounds being included in the commit which introduced multibyte character support (243041573f0). Releases that include the multibyte character support therefore include the checks. A fix that identifies read errors was also released in a 2004 commit (70cd856a0c6), and is present in the code for all Ubuntu releases that contain colcrt in bsdmainutils. More recent versions such as Ubuntu 21.10 don’t include the colcrt code, as it was removed from the bsdmainutils source. |