Buffer overflow in setlocale in libc on NetBSD 1.4.x up to and including 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local malicious users to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netbsd netbsd 1.5 |
||
netbsd netbsd 1.5.1 |
||
netbsd netbsd 1.5.2 |
||
netbsd netbsd 1.5.3 |
||
netbsd netbsd 1.6 |
||
netbsd netbsd 1.4 |