CVE-2012-3485

Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:tunnelblick:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-26 19:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-3485

Mitre link : CVE-2012-3485

CVE.ORG link : CVE-2012-3485


JSON object : View

Products Affected

google

  • tunnelblick
CWE
CWE-20

Improper Input Validation