VYPR

Findutils

by GNU

CVEs (2)

  • CVE-2001-1036Aug 31, 2001
    risk 0.03cvss epss 0.01

    GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

  • CVE-2007-2452Jun 4, 2007
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability…