Vulnerabilities > CVE-2002-2099 - Local Security vulnerability in GNU Data Display Debugger 3.3.1

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

gnu

NVD

Published: 2002-12-31

Updated: 2017-12-19

Summary

Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Data Display Debugger 3.3.1	1

References

http://securitytracker.com/id?1003241
https://exchange.xforce.ibmcloud.com/vulnerabilities/7979