High severity8.8NVD Advisory· Published Dec 14, 2017· Updated May 13, 2026

CVE-2017-17514

Description

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jcupitt/nip2/issues/70nvdIssue TrackingThird Party Advisory
security-tracker.debian.org/tracker/CVE-2017-17514nvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000