Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed prior to 1.0 allows context-dependent or user-assisted malicious users to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu ed 0.7 |
||
gnu ed 0.8 |
||
gnu ed 0.5 |
||
gnu ed 0.6 |
||
gnu ed 0.3 |
||
gnu ed 0.4 |
||
gnu ed 0.2 |
||
gnu ed 0.9 |