slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
Max CVSS
5.0
EPSS Score
0.47%
Published
2007-01-13
Updated
2018-10-16
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-11-17
Updated
2017-10-11
Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-06-09
Updated
2016-10-18
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-02-19
Updated
2017-10-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!