Vulnerabilities > CVE-2003-0326 - Heap Overflow vulnerability in SLocate Path Malloc Integer Signing

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

slocate

NVD

Published: 2003-06-09

Updated: 2016-10-18

Summary

Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc.

Vulnerable Configurations

Part	Description	Count
Application	Slocate Slocate Slocate *	1

References

http://marc.info/?l=bugtraq&m=105337692202626&w=2
http://www.securityfocus.com/bid/7629