CVE-2002-2099 : Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly ga

Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.

Published 2002-12-31 05:00:00

Updated 2017-12-19 02:29:38

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2002-2099

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-2099

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2002-2099

http://securitytracker.com/id?1003241

Exploit;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7979

Products affected by CVE-2002-2099

GNU » Data Display Debugger » Version: 3.3.1
cpe:2.3:a:gnu:data_display_debugger:3.3.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-2099

Exploit prediction scoring system (EPSS) score for CVE-2002-2099

CVSS scores for CVE-2002-2099

References for CVE-2002-2099

Products affected by CVE-2002-2099