Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils prior to 4.2.31 might allow context-dependent malicious users to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu findutils 4.2.29 |
||
gnu findutils 4.2.30 |
||
gnu findutils 4.0 |
||
gnu findutils 4.1 |
||
gnu findutils 4.2.28 |