Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.
References
Configurations
History
No history.
Information
Published : 2005-11-20 21:03
Updated : 2024-02-04 16:52
NVD link : CVE-2005-3346
Mitre link : CVE-2005-3346
CVE.ORG link : CVE-2005-3346
JSON object : View
Products Affected
osh
- osh
CWE