VYPR
Unrated severityNVD Advisory· Published Nov 20, 2005· Updated Jun 16, 2026

CVE-2005-3346

CVE-2005-3346

Description

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:a:osh:osh:1.7.14:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.